Wednesday, October 29, 2014

Configure Cisco 2811 ATM module



Configure Cisco 2811 ATM module

If you need too configure an ATM module on a cisco router don't hesitate its the simplest task ever:

interface ATM0/0/0
 description Connected to hell :))
 ip address 10.20.152.210 255.255.255.252
 no atm ilmi-keepalive
 pvc 7/92
  cbr 1024
  encapsulation aal5snap

Corecess R1 - AD DSLAM Configuration

Corecess R1 - AD DSLAM Configuration

Corecess R1 - AD DSLAM Configuration
This is a sample configuration for R1-AD Corecess DSLAM that I hope be useful  for you:

Building configuration...

Current configuration:
!
! version  0.78
!
hostname Dslam-Lab
dsl
adsl speed 2/1-48 ds 512 us 512

service tcp syncookies
!
snmp-server contact Unknown
snmp-server location Unknown
snmp-server enable rmon
!
system fan enable 30 20
system temperature enable 90 80
module 2 access-type protected
!
port adsl 2/1-48.1 pvc 0/35
port adsl 2/1-48.1 qos-service unshape
!
vlan id 2 name NMS
vlan id 10 name Accesss
dot1q port gigabitethernet 1/1 tag 2,10
dot1q port adsl 2/1-48.1 pvid 10
!
interface vlan id 2
ip address 10.10.10.2/24
!
ip route default 10.10.10.1
!
line vty 0 10
!
no ntp
!
Dslam# sh dsl vc
2/28.1
VirtualPortIndex: 3/1 IfIndex: 51 BridgeIndex: 129
Name: DEFAULT VLAN: 10
VPI/VCI 0/35
Service Category : unshape
Traffic Parameters : PCR/SCR/MBS/CDV 2320/2320/2320/0

2/31.1
VirtualPortIndex: 3/2 IfIndex: 53 BridgeIndex: 130
Name: DEFAULT VLAN: 10
VPI/VCI 0/35
Service Category : unshape
Traffic Parameters : PCR/SCR/MBS/CDV 2320/2320/2320/0

Dslam-Lab# show vlan
VLAN Name             Status   Slot/Port(s)
---- ---------------- -------- ------------------------------------
1    DEFAULT          active   1/1-2         
                               2/1-48        

2    NMS              active 
10   Accesss          active 
VLAN Interface  IGMPs    STP      Private  Promisc Port(s)
---- ---------- -------- -------- -------- ------------------------
1    disable    disable  enable   Disable  None                   
2    enable     disable  enable   Disable  None                   
10   disable    disable  enable   Disable  None                   
Dslam-Lab# show dot1q port adsl 2/28
Port        PVID  Acceptable frame types  Ingress filter
----------  ----  ----------------------  --------------
2/28         1     all                      off         

Dslam-Lab# show dot1q port adsl 2/28.1
Port        PVID  Acceptable frame types  Ingress filter
----------  ----  ----------------------  --------------
2/28.1       10    all                      off         

Dslam#

Huawei AR 18-33 L3 configuration



 In some situation you need to configure this modem as a layer 3 device so this is a sample configuration Huawei AR 18-33 Layer3 configuration:

# sysname Quidway
# super password level 3 simple admin
# bridge enable
# interface Ethernet1/0
# ip address 192.168.200.1 255.255.255.252
# interface Atm2/0
  shdsl wire 2
  pvc 0/35
  map ip inarp
# ip address 10.51.182.122 255.255.255.248

# interface Tunnel0
  mtu 1476
  ip address 172.19.20.58 255.255.255.252
  source 10.51.182.122
  destination 10.30.71.10

# interface NULL0

# interface LoopBack100
  ip address 79.127.125.10 255.255.255.255

# ip route-static 0.0.0.0 0.0.0.0 10.51.182.121 preference 60
# ip route-static xx.127.80.0 255.255.255.128 192.168.200.2 preference 60

# user-interface con 0
  set authentication password simple admin
# user-interface vty 0 4
# set authentication password simple admin

return
<Quidway>

Huawei AR 18-33 firmware

Huawei AR 18-33 firmware
Some times you need to upgrade or downgrade this modem's firmware, I had version 3.3, so I put this link just for you :)

Download firmware here




Huawei ATM modem AR 18-33 L2 Configuration


Huawei ATM modem AR 18-33 L2 Configuration

Huawei Quidway AR 18-33  layer 2 configuration :

[Quidway] system-view (enter)
[Quidway] bridge enable (enter)
[Quidway] bridge 1 enable (enter)
[Quidway] undo ip option source-routing (enter)
[Quidway] interface ethernet 1/0 (enter)
[Quidway-ethernet 1/0] promiscuous (enter)
[Quidway-ethernet 1/0] bridge - set 1 (enter)
[Quidway-ethernet 1/0] undo shutdown (enter)
[Quidway-ethernet 1/0] quit (enter)
[Quidway] interface Atm 2/0 (enter)
[Quidway-Atm2/0] bridge - set 1 (enter)
[Quidway-Atm2/0] pvc 0/35 (enter)
[Quidway-atm-pvc-Atm2/0] quit (enter)
[Quidway-Atm2/0] undo shutdown (enter)
[Quidway-Atm2/0] quit (enter)
[Quidway] quit (enter)
[Quidway] save safely (enter)




Cisco URL filtering configuration

Cisco URL filtering configuration
Cisco URL filtering configuration

This is my show run for this purpose:


sh run
Building configuration...

Current configuration : 1489 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
ip inspect name test http urlfilter
ip urlfilter max-request 500
ip urlfilter max-resp-pak 150
ip urlfilter cache 4500
ip urlfilter exclusive-domain permit www.yahoo.com
ip urlfilter exclusive-domain permit www.360.yahoo.com
ip urlfilter exclusive-domain permit acc.asiatech.ir
ip urlfilter audit-trail
ip urlfilter urlf-server-log
ip urlfilter server vendor websense 192.168.10.3
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip inspect test in
 no ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.28.220 255.255.255.0
 ip nat outside
 no ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.28.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end

Router#
Router#

Configuring CISCO switch to run SDM



Configuring switch to run SDM

Follow the instructions below to configure a switch to run SDM.

Step 1:

Connect to your switch using Telnet, SSH or via console.

Enter the global configuration mode using the command:

Router>enable

Router#conf terminal

Router(config)#

Step 2 :

Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands: 

Router(config)# ip http server

Router(config)# ip http authentication local

Note:- HTTPS is enabled only for crypto enabled IOS images.

Step 3:

Create a user with privilege level 15.

Router(config)#aaa new-model

Router(config)#aaa authentication login default local

Router(config)# username <username> privilege 15 password 0 <password>

Note:- Replace <username> and <password> with the username and password that you want to configure.

Step 4:

Configure SSH and Telnet for local login and privilege level 15:

Router(config)# line vty 1 15

Router(config-line)# privilege level 15

Router(config-line)# login authentication default

Router(config-line)# transport input telnet

Router(config-line)# exit

Step 5: (Optional)

Enable local logging to support the log monitoring function: 

Router(config)# logging buffered 51200 warning





Wednesday, October 22, 2014

Cyberoam doesn't show group members

Problem : you create a group in active directory, add it to cyberoam (http://kb.cyberoam.com/default.asp?id=1627 ) but when you open your group in cyberoam you cant see users in that group.

Cause : Cyberoam will not show the group members until they are log into Cyberoam portal.

Solution: i don't know any solution to this , but if you cant see the group members in cyberoam it doesn't mean that the policy  you've applied to the group will not apply to the members. so don't worry your setup will work even if you cant see the group members.