2013年9月30日星期一

What is the configuration of the HSRP

The configuration of the HSRP command syntax WS-C2960S-48LPD-L Price is as follows:
1, the configuration of HSRP member Switch (cofnig-if) #standby group-number IP virtual-ip-address
Group-number: said HSRP group the port belongs to, by assigning a unique number in the backup command to create multiple HSRP group. Virtual-ip-address: virtual HSRP router's IP address, the segment of the IP address.
2, the configuration of HSRP priority
Switch (cofnig-if) #standby group-number priority priority-value
Priority-value: the range of 0-255, the default 100.
3, the configuration of HSRP preemption
Switch (cofnig-if) #standby group-number preempt
Preemption explanation: HSRP high priority in the active router for regular maintenance,HSRP backup router will become the active router. But when the previous high priority active router repaired and added to the HSRP, if you do not configure the preemption right, it will not be from the backup router snatches the active router position, even if it is a higher priority than the backup router configuration, if the words, will be from the low priority router snatchesthe active router position.
4, the configuration of HSRP port tracking
Switch (cofnig-if) #standby group-number track interface-type mod/num interface-priority
Group-number group: the tracking function of port
Interface-type: port type tracking port
Mod/num: the port number tracking port
Interface-priority: when the port failure, hot backup priority router will reduce the value, when the port is available, the router priority will add the value, the default is 10.
Explanation: if you do not set the port tracking port tracking it, when a port router is not available, but it still sends a hello message to tell the other router, the router is available, thedata transmission is not out. When the active router port configuration tracking, when tracking the port is not available, the active router priority will reduce the corresponding value,when becomes available, increased the corresponding value. Switching effect providing faultit very flexible.
5, the configuration of Hello message.
Switch (cofnig-if) #standby group-number times hellotime holdtime
Time interval, the hellotime:hello message of the default 3S, 1-255.
Holdtime:hello message storage time, the default 10s, usually set to three times the Hello interval.
6, check the status of the HSRP
Switch#show standby [interface-type mod/num] [group-number] Brief
Interface-type mod/num: to display the port type and serial number
Group-number: the HSRP display

Brief: display summary information, each backup WS-C2960S-48LPD-L  set up display a line output.
More information, please view: http://www.3anetwork.com

2013年9月26日星期四

The intelligent experience: Cisco 2960 WS-C2960-24PC-L: US$850.00

Cisco 2960 WS-C2960-24PC-L list price: US$2495.00, according to our research on WS-C2960-24PC-L Price, the best price is from, http://www.3anetwork.com/cisco-ws-c2960-24pc-l-price_p8.html, 850 USD, You Save: US$1645.00 (66% off)
CISCO WS-C2960-24PC-L two intelligent switch, maximum power is 24 port 15.4 Watt,provided to the seamless connection of PoE equipment, including the Cisco IP phone, CiscoAironet ® wireless LAN access point and comply with IEEE 802.3af standards of anyterminal equipment.
CISCO WS-C2960-24PC-L switches use IOS software rich functions, including the localcharacteristics, second layers of intelligent quality of service (QoS) guarantee full,comprehensive security protection and network management features; and through PoE MIBto check the power usage, and the user can set different power threshold.
Switch type: Fast Ethernet switch
Transmission rate: 10/100Mbps
The application level: Two layer
Exchange mode: Store and forward
Backplane bandwidth: 16Gbps
Packet forwarding rate: 6.5 Mpps
Port structure: A fixed port
Processor
-
Memory: 64 MB DRAM, 32 MB flash memory
The MAC address table: 8K
The VLAN function
Support: MTBF
-
Cisco network parameters WS-C2960-24PC-L
Network standards:
IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE802.1AB (LLDP), IEEE 802.3ad, IEEE 802.3ah, IEEE 802.3x, IEEE 802.3, IEEE 802.3u, IEEE802.3ab
Network protocol
-
Transmission mode
The network management function: SNMPv1, SNMPv2c, and SNMPv3
Stack function: Stackable
Cisco WS-C2960-24PC-L port parameter
Interface number: 24
Interface type:
24 Ethernet 10/100 PoE ports and 2 dual-purpose uplink ports
Other parameters Cisco WS-C2960-24PC-L
Other functions:
Strengthen the safety function
Choose a variety of Ethernet performance
Network management system upgrade
The network media
-
Safety
UL 60950-1, First Edition
CUL to CAN/CSA 22.2 No. 60950-1, First Edition
TUV/GS to EN 60950-1, First Edition
CB to IEC 60950-1 with all country deviations
AS/NZS 60950-1, First Edition
CE Marking
NOM (through partners and distributors)
Authentication
-
Environmental Science
-
Cisco WS-C2960-24PC-L electrical specifications
The power supply voltage: 100 - 240 VAC
Rated power: 100W, PoE:370W
The appearance of Cisco WS-C2960-24PC-L price parameters: LED indicator
-
Size: 44 x 445 x 332 mm
Weight: 5.4kg

More information, please view: http://www.3anetwork.com

2013年9月25日星期三

Password recovery of the Cisco 2960 enable

1, restart the switch, hold down WS-C2960-48PST-L the mode button in the boot 30S;
2, in boot mode, there will be three display item, enter the flash_init command, started to initialize flash;
3, enter the load_helper command, and then type dir flash: command, the contents of the fileto view in flash;
4, changed its name to flash in the config.text file, such as config-old.text;
The 5, execute the boot command to reboot the switch, as: "would like to..." prompt, enter the no
6, the modified config-old.text to restore the original name, and then execute copyflash:config.text system:running-config;
7, use the enable command to WS-C2960S-24TD-L Price reset the password;
8, save the configuration

More information, please view: http://www.3anetwork.com

2013年9月24日星期二

Cisco Catalyst 3750: remove duplicate files of Linux

Question:  Using the Cisco 3750V2 , remove duplicate files of Linux
I don’t know how to set, help?!!
Answer: Here are the settings
Linux fdupes can use this small software:
Fdupes can delete the specified directory duplicate files, support for subdirectory. After the trial, this software is really nice!
Installed with the following command Ubuntu:
Sudo apt-get install fdupes
In the /etc directory to find duplicate files
Fdupes /etc
Look in the /home directory and all subdirectories of duplicate files
Fdupes -R /home
Delete unnecessary files, use the D parameter
Fdupes -d / tmp/ ABC
Catalyst 3750 is next-generation energy-efficient Layer 3 Fast Ethernet stackable switches while 3750X is layer 3 GE switches. The Cisco Catalyst 3750 v2 Series consumes less power than its predecessors 3750. The 3750-X Series Switches are enterprise-class lines of stackable and standalone switches with StackWise Plus technology, they are the replacement of Cisco 3750G and 3750E switches. 3Anetworkcom keeps many stocks for 3750V2 and 3750X switches. Among all Cisco Catalyst 3750 switches, WS-C3750V2-24TS-S and WS-C3750X-24T-S are best selling models. 3Anetwork.com offers best Cisco 3750X Price, Cisco 3750V2 Price, Cisco 3750X Price, ship to worldwide. 
More information, please view: http://www.3anetwork.com


2013年9月23日星期一

How to use Cisco ethernet switch connecte to the MAC

Cisco ethernet switch manufacturers according cisco aironet 2600 price to market demand, launched the three layer and four layer switch, but in any case, its core function is still the two layer Ethernet data packet, it will greatly increase the processing speed switch.
The switch is an MAC address recognition based on network equipment, can complete the package packet forwarding. The switch can "learn" MAC address, and it is stored in theinternal address table, a switching path temporary through between the data frame of theoriginator and target recipient, the data frame directly to the destination address from the source address.
1 The switch according to the received data frame mapping the source MAC address in theaddress with a switch port, and writes them to the MAC table.
2 The switch to the data frame in the destination MAC address with the established MACaddress table to compare, to decide which port forwarding.
3 If the data frame in the destination MAC address is not in the MAC address table, to all port forwarding. A process called flooding (flood).
4 Broadcast frames and multicast frames to all port forwarding.
Ethernet switch understand each port is connected to the MAC address of the device, and the address and the corresponding port mapping up and stored in the cache of the switchMAC address table. Forward / filter: destination address when a data frame in the MACaddress table in the mapping, it is forwarded to nodes connected to the port instead of all ports (such as the data frame for broadcast / multicast frame is forwarded to all ports).
Eliminate the loop: when the switch includes a redundant circuit, Ethernet switches byspanning tree protocol to avoid circuit produce, while also allowing the backup path.
1 Each port of switches the connected network is a separate collision domains.
2 Switches the connected device is still in the same broadcast domain, that is to say, the switch does not isolate broadcast (the only exception is in an VLAN environment).
3 Switches based on the frame header information is forwarded, so that the switch is a network device at the data link layer (here refers only to the switch layer two switchtraditional).

Working principle of the switch is, when a port receives a data frame, first check to the data frame's destination MAC address in the MAC address table (CAM) corresponding to the port,if the destination port and the source port is not the same port, the frame forwarding from thedestination port, port and the corresponding relation between the update the source addresstables in the source MAC MAC at the same time; if the destination port and the ws-c2960-48pst-l source port,then discards the frame.

Application of Cisco Catalyst 2960

Cisco Catalyst 2960 series ws-c3750x-48t-s intelligent Ethernet switch is a fixed configuration of new,independent equipment series, desktop 10/100/1000 and fast Ethernet Gigabit Ethernet connections, which can provide enhanced LAN services for entry-level enterprise, mid market and branch network.
Cisco Catalyst 2960 series intelligent Ethernet switch is a fixed configuration of new,independent equipment series, desktop 10/100/1000 and fast Ethernet Gigabit Ethernet connections, which can provide enhanced LAN services for entry-level enterprise, mid market and branch network.
Function:
Provides the intelligent characteristic of the edge of the network, such as advanced access control list (ACL) and enhanced security features.
Double medium uplink port provides Gigabit Ethernet uplink flexibility, can use copper or fiber optic uplink port. Each pair of medium uplink port has a 10/100/1000 Ethernet port and an SFP Gigabit Ethernet port, wherein the activation in the use of a port, but not at the same time, the use of these two ports.
By means of advanced QoS, accurate rate limiting, ACL and multicast service, the realization of the network control and bandwidth optimization.
Through various authentication methods, data encryption technology and based on networkaccess user, port and MAC address control, the realization of the network security.
Through the embedded device manager and Cisco network assistant, simplify the networkconfiguration, upgrading and troubleshooting, a part can be used as the middle market or the branches of the solution.
original new Cisco networking equipments, including Cisco Catalyst switches, Cisco
routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface
cards products, 3Anetwork.com are most competitive on Cisco switches, like Cisco
2960 switches, Cisco 3560V2 3560X switches, Cisco 3750V2 3750X switches. Our
customers include Cisco resellers, system integrators, ICT companies, online
retailers etc. Right now most of our sales are contributed by regular customers.
Our CCIE headed technical team can glc-lh-smd provide network design, products installation
and configuration, trouble shooting etc.
More: http://www.3anetwork.com


2013年9月19日星期四

14 Ways to protect the router strokes

Router is the main equipment of network system, Catalyst 3750X network security is thefrontier pass.
Here are some specific measures to strengthen the security of router, the router itself to stop the attack, and prevent the network information is stolen.
1 Increase the authentication function for inter router protocol exchange, improve network security
An important function of the router's routing management and maintenance,now has a certain scale network protocol by dynamic, commonly used are:RIP, EIGRP, OSPF, IS-IS, BGP etc.. When a set of the same protocol and the same area identifier router joining network, will study the routing table information network. But this method may lead to network topology information leakage, may also be due to the network to send its own routing table routing table information, disrupt the normal work on the network, serious when cancause paralysis of the entire network. The solution to this problem is toauthenticate routing information exchange between network routers within.When the router is configured authentication mode, will identify routing information receiving party. There are two kinds of identification methods,including "plain text" low security, recommend the use of "MD5".
2 Physical security for the router
Router control port is a privileged port, if the attacker in physical contact withthe router, power-off restart, the implementation of the "password recoveryprocess", then login router, can completely control the router.
3 The protecting password for router
In the router configuration files in the backup, password even if stored in encrypted form, the password in plaintext still break may. Once the passwordleakage, the network has no security at all.
4 Stop checking diagnostic information on the router 
The close command is as follows: no service tcp-small-servers no service udp-small-servers
5 Stop checking current user list on the router 
Close the command: no service finger.
6 Close CDP service
Based on OSI two layer protocol link layer can be found in some configuration information to end router: equipment platform, operating system version, port,IP address and other important information. Use the command: no CDPrunning or no CDP enable off this service.
7 Prevent router receives with source routing marking of packages, with asource route option data flow dropping
"IP source-route" is a global configuration command, allows the router to deal with the source route option labeled data streams. Enable the source routingoption, source routing information specified routing the data flow can cross the default routing, the packet may bypass the firewall. The close command is as follows: no IP source-route.
8 Close packet forwarding on the router 
Sumrf D.o.S attack to broadcast forwarding configured router as a reflectionplate, occupation of cyber source, or even network paralysis. Close the routerpacket in each application port "no IP directed-broadcast".
9 Manage the HTTP services
The HTTP service provides Web management interface. "No IP HTTP server"to stop the HTTP service. If you must use HTTP, be sure to use the access list"IP http access-class" command, strict filtering allows IP address, at the same time set authorization limit "IP HTTP authentication" command.
10 Against spoofing (cheating) attack
The use of access control lists, filter out all the target address for the internal network from network broadcast address and claimed, but from the outside.The router port configuration: IP access-group list in number access control list as follows: access-list number deny ICMP any any redirect access-listnumber deny IP 127.0.0.0 0.255.255.255 any access-list number deny IP224.0.0.0 31.255.255.255 any access-list number deny IP host 0.0.0.0 anynote: these four commands will filter the data in BOOTP/DHCP applicationpackage, used in similar contexts to have a good understanding of.
11 Avoid packet sniffer
Hackers often will be sniffing software installed on has invaded the networkcomputer, monitor network data flow, thus stealing passwords, including SNMPcommunication code, including router login and password privileges, so it is difficult for network administrators to ensure the security of network. Don't use non encryption protocol logging router in an untrusted network. If the routersupport encryption protocol, use SSH or Kerberized Telnet, or use IPSecencryption router all management flow.
12 Validity check data flow path
The use of RPF (reverse path forwarding) reverse path forwarding address,because the attacker is illegal, so the attack packets are discarded, so as to achieve the purpose of defending against spoofing attack. Reverse pathforwarding RPF configuration command: IP verify unicast rpf. Note: the first tosupport CEF (Cisco Express Forwarding) fast forwarding.
13 Prevent SYN attacks
At present, some router software platform can open TCP interception function,prevent SYN attack, the work model of interception and monitoring of two, the default is to intercept model. Router (interception model: in response to the arrival of the SYN request, and instead of the server sends a SYN-ACK message, and then wait for the client ACK. If you receive a ACK, then sendsthe SYN message to the server; the monitor mode: router allows SYN requestdirectly to the server, if the conversation in 30 seconds is not established, the router sends a RST, to clear the connection). First, the configuration access list, prepared to open the need to protect the IP address: access list [1-199][deny|permit] TCP any destination destination-wildcard and TCP Ip TCP, open the intercept intercept mode intercept: Ip TCP intercept list access list-numberIp TCP intercept mode Watch
14 Use the SNMP management plan
SNMP is widely used in monitoring, configuration of router. SNMP Version 1 inmanagement application through the public network, the security is low, not suitable for the use of. Access list is only allowed from a particular workstationSNMP access through the security properties of this function can improveSNMP service. Configuration commands: snmp-server community xxxxx RW XX;XX is the access control list No. SNMP Version 2 using MD5 digital identityauthentication. Digital signature code different routers different equipment configurations, this is an effective means to improve the overall safetyperformance.

In short, the router security is an important part of network security, but alsomust cooperate with other security precautions, so as to WS-C2960S-24TS-L Price build up the whole project safety precautions.
More information about switch and router, please view :http://ciscoswitches.webgarden.com/