  1. Greetings everyone. I have written a small article about using some free techniques for DDoS prevention in a large Cisco network. http://itstuffallaround.blogspot.com/2013/09/ddos-attack-mitigation-via-remote-black.html
  2. I have found a good online software http://www.manageengine.com/products/netflow/ But I am looking for an open-source one because I have a team of developers that can adopt the code to the needs of the customer. There are also commercial versions like STEPONE and PeakNetflow, but I think I do not have the budget for those.
  3. Greetings dear forum members. Could anyone, from their personal experience, give me advice on NetFlow software for a smaller ISP? Open source would be great, or something similar. Thanks in advance.
  4. I am preparing for the ICND1 exam. Anyone who can help with a voucher and anything else would be much appreciated.
  5. When I enabled the Cisco http command I can access via ASDM. Now the next step is to forward the ports through the TP-Link.
  6. Update: cannot access the ASA5505 via ASDM now that the inside interface got an IP via the L3 DHCP server, but can ping the local IP address.
  7. Hello, and thanks for the fast reply. I did not block the DHCP from the TP-Link, but I assigned a static IP to the outside interface VLAN 2 and can successfully ping the TP-LINK. I have assigned a DHCP client on the inside interface VLAN 1 and got an IP from the VLAN that is in the VTP DOMAIN. I can ping the device from my VTP network but cannot access the ASA via ASDM. I cannot take out the TP-Link because it is needed there for wireless; I can only set the ASA to the DMZ zone or forward all necessary ports. What are my next steps to create a secure IPSEC tunnel, and am I on the right track? Thanks in advance.
  8. Here is an example of the network diagram:

     CISCO L3 SWITCH (VTP DOMAIN) --------> L2 SWITCH 2960 (ACCESS VLAN PORT) ---------> (INSIDE INTERFACE) ASA5505 (OUTSIDE INTERFACE) ---------> TP-LINK Wireless ROUTER (STATIC WAN IP) ---------> ISP <<<<===========>>>>> VPN CISCO IPSEC SOFT CLIENT

     I have an existing VTP DOMAIN with 30 or so VLANs; this particular VLAN that I want to assign a VPN client is for management and not attached to any DHCP scope. The VLAN has dot1q encapsulation on the L3 SWITCH interface, and a configured /22 subnet that is fully routed with other VLANs. The port that is connected to the inside intf. of the ASA5505 via the L2 c2960 access switch goes like this:

     interface faste... 0/21
      switchport access vlan XXX
      switchport mode access
      spanning-tree portfast

     When I assign an IP and DG to a PC and attach it to this port it works fine. It sees all the routes and other VLANs, so the interior conf is OK. The outside interface of the ASA5505 got an IP 192.168.1.xx from the DHCP of the TP-LINK router (but I can assign a static IP). The thing I do not know how to do, because this is my second encounter with ASA firewalls: I want to let the ports through the TP-LINK router via NAT (port forward) for the Cisco VPN client and then configure the ASA5505 so that when a client attaches to the VPN-IPSEC, it is able to access the network that is in a VLAN that is configured in the access port of L2 - VTP domain. I've been using the ASDM that came on the CD, but it won't remember some of my saves. I prefer CLI but cannot telnet to the device. The ASA is now on default configuration, so my PC gets a 192.168.1.xx from the inside interface of the ASA. Any help would be appreciated. Thanks in advance.
  9. Why the caps? Do a system state backup. Here is the link: http://support.microsoft.com/kb/240363
  10. Just the man I am looking for to pick up the morale. I am reading Exploration 2 and am now at the basics of EIGRP. I will PM you my MSN so we can agree more. I hope others will join.
  11. The setup is:

     Cat4500 ------> C2960s -----> Clients ------> IP phone --------> PC

     If I think about it now, the IP phones are Siemens euroset series that have two LAN ports (kind of acts as a switch). In the setup of the phone I tell the device that it uses the VLAN designed for the phones; one LAN port is connected to the C2960 switch, the other is to the PC that automatically connects to the other VLAN. How can I find on which port the PC is if I do not know the location of the IP phone? Sample of the configuration of the port:

     interface FastEthernet0/3
      switchport trunk native vlan 100
      switchport trunk allowed vlan 100,200
      switchport mode trunk

     VLAN 100 is the IP phone. I did not set this up, it was done already. I know the best practice is

     interface FastEthernet0/3
      switchport mode access
      switchport access VLAN 200 (data VLAN)
      switchport voice vlan 10

     but still I am asking myself why all the ports are set as trunks. The gigabit ports to the concentrator should be set as trunks. I will add another switch tomorrow and try this setup.

     In my case I have located the MAC address and the IP from the local ARP table. I cannot locate on which port of the c2960 switch the PC is connected because it says that the MAC address of the PC is on the gigabit port and it is dynamic. The IP phones are Siemens ecp 420 and they do support the SNMP protocol. The phones have two LAN ports: one is connected to the c2960 and the other is connected to the PC. Maybe the c2960 sees the MAC address as dynamic because the phone acts as an unmanaged switch for the PC. If I type sh mac- add aaaa.bbbb.cccc it shows up as dynamic and on the gigabit interface. So what is my next step, to log on to the L3 concentrator and type sh cdp nei x/x det or sh eth summ and then number 5?
  12. The scenario is: I have a 4500 as a DHCP server, and a couple of C2960s that are configured with the Gi0/1 uplink port to the concentrator. Every port on the C2960s is configured as a trunk, has the default VLAN 1, and two separate VLANs for IP telephony and PCs. Workstations are connected through the LAN port on the telephone; that is the main reason why all the ports on the switch are configured as trunks. What I want is to find a PC that I successfully ping and have the MAC address of from the local ARP table. I want to find what port it is on. But when I use the show mac address table command, the table is listed and sorted by VLAN order, and the MAC address is shown as dynamic on the gi0/1 port like many others. Some are listed on the fastethernet port but most are on gi0/1, which is the uplink interface. Any help would be appreciated.
  13. I have tried several IOSes. I manage to start SDM, but I cannot do additional tasks and cannot manage edit interfaces, it just does nothing. Which IOSes do you use that are fully compatible? Thanks in advance.
  14. Thanks for the reply. I have downloaded Packet Tracer, and the question now is: are there, and where can I find, some scenarios like in the exam? And is this CBT video training what people usually use, and is it enough? Thanks in advance.
  15. Downloaded the CBT Nuggets 640-816 ICND2 & 640-822 ICND1 and am quite satisfied with the reading, but the trainer suggests buying the 815w router for practice. Because of the low budget, could you suggest or point me to links for a simulator or labs that I can combine and learn with CBT? Also, is this material enough to pass the CCNA exam? Thanks in advance.