Sunday, November 6, 2011

Get Calendar permissions in Exchange 2010

To give a user access to another user's mailbox, you can grant him full access through the Exchange Management Console.
But what if you only need to give him read access to the calendar?
By default, everybody in the organization can read the free/busy time of the calendar of any mailbox in the organization. If a manager needs to know the meetings and appointments of his employees, you need to give him the Reviewer permission on the calendar of his employees.
You cannot do this in the Exchange Management Console; you need to do it in the Exchange Management Shell:
Add-MailboxFolderPermission -Identity "Employee1:\Calendar" -User Manager1 -AccessRights Reviewer


Thanks

Monday, August 22, 2011

Get the Mailbox Size for a list of users in Exchange 2010

In the previous blog, "Get Mailbox Size for an account in Exchange 2010", we talked about how to get the mailbox size for 1 user using the Microsoft Exchange Shell of Exchange 2010.
Now, we will explain how to get the mailbox size for a list of users.

It is very simple: list the users, one per line, in a text file.
An example of the text file ITDepartment.txt file:

ITServices Montreal
Networking Montreal
Exchange2010 Montreal

where "ITServices Montreal" is the display name of the user. You can also use the email address or the user principal name instead of the display name. We will then place the ITDepartment.txt file in the C:\Scripts folder.

What we need to do first is to get the list of the users inside this text file.
Try the command:
Get-Content "C:\Scripts\ITDepartment.txt"

The result will be:
[PS] C:\windows\system32>Get-Content "C:\scripts\ITDepartment.txt"
ITServices Montreal
Networking Montreal
Exchange2010 Montreal

[PS] C:\windows\system32>

Now, for each line returned by the Get-Content command, we need to run Get-MailboxStatistics, so we use the pipe "|".

Now try the whole command:

[PS] C:\windows\system32>Get-Content "C:\Scripts\ITDepartment.txt" | Get-MailboxStatistics | Format-List -property displayName, TotalItemSize



DisplayName : ITServices Montreal
TotalItemSize : 61.18 MB (64,155,174 bytes)

DisplayName : Networking Montreal
TotalItemSize : 163 MB (170,937,036 bytes)

DisplayName : Exchange2010 Montreal
TotalItemSize : 25.03 MB (26,243,124 bytes)

[PS] C:\windows\system32>


I hope this blog was helpful, and I would like to thank you for reading.

Get Mailbox Size for an account in Exchange 2010

Let's say we need to get the Mailbox Size of the user: ITServices

[PS] C:\Windows\system32>Get-MailboxStatistics -Identity ITServices  | Format-List -property displayName, TotalItemSize

DisplayName   : ITServices
TotalItemSize : 26.32 MB (27,601,859 bytes)

So in order to get the mailbox size, you have to get the MailboxStatistics. But if you use only the command Get-MailboxStatistics -Identity ITServices, you will not get the mailbox size; you will get the ItemCount and the StorageLimitStatus:


DisplayName               ItemCount      StorageLimitStatus       LastLogonTime
-----------                   ---------         ------------------        -------------
ITServices User           1792              BelowLimit                  22/08/2011 5:57:29 PM

To show all values of the Mailbox you need to use the command:
Get-MailboxStatistics -Identity ITServices | Format-List

If you need to show only the display name and the size value, then you must specify the properties "displayName" and "TotalItemSize" only:

Get-MailboxStatistics -Identity ITServices | Format-List -property displayName, TotalItemSize



 I hope this was helpful, and I would like to thank you for reading.

Saturday, May 28, 2011

Configure ASA Failover

I will explain in this article how to configure failover with a Cisco ASA.
The product used in this article is an ASA5520-BUN-K9. The ASA 5520 has a failover license included.

The ASA 5520 has 4 Gigabit interfaces and 1 management interface. The management interface is a Fast Ethernet interface.

Instead of using one of the Gigabit interfaces for the failover link, we will use the management interface.

The primary unit:



failover lan unit primary
We configured this unit as primary.
failover lan interface FAILOVERINT Management0/0
We specified the Management0/0 interface to be used as the failover interface.
failover interface ip FAILOVERINT 192.168.1.1 255.255.255.252 standby 192.168.1.2
We assigned the active and standby IP addresses to the failover link.
failover link FAILOVERINT Management0/0
Specifies the interface to be used as the stateful failover link. If you add this command, the Management0/0 interface cannot be used for anything other than failover.
failover polltime unit 1 holdtime 5
failover polltime interface 1 holdtime 5
These 2 commands are used to specify the holdtime. If one interface goes down on the primary ASA, the secondary ASA takes over. The active/standby failover state is not healthy again until the interface that was down comes back up. The holdtime determines how long it takes the ASA failover status to learn that the interface is up again, so that the failover state is healthy again and ready in case of a second failure. You must configure this holdtime as low as possible, especially when, as in our case, there is a dedicated physical interface for the failover.

failover
Enables failover.

interface Management0/0
description this interface is used for failover
no shut
On the interface that is dedicated to failover, we must not configure anything except bringing the interface up.

The secondary unit:

failover lan unit secondary
We configured this unit as secondary.
failover lan interface FAILOVERINT Management0/0
We specified the Management0/0 interface to be used as the failover interface.
failover interface ip FAILOVERINT 192.168.1.1 255.255.255.252 standby 192.168.1.2
We assigned the active and standby IP addresses to the failover link.
failover
We enabled failover.

interface Management0/0
description this interface is used for failover
no shut
We brought up the interface Management0/0 that will be used for failover.

I hope this article was helpful, and my explanation was clear.



Saturday, May 14, 2011

OSPF Authentication

When we think about OSPF authentication, we have to think about a negotiation between 2 routers:
  • The authentication method: it can be either clear text (type 1) or MD5 (type 2). If the authentication method differs between 2 routers, the neighbour relationship cannot be formed between these 2 routers, even if we set the authentication method without setting keys. The same applies if one router has an authentication method enabled while the other does not.
  • The authentication key: each key has an identifier and a value (alphanumeric). The routers negotiate all of their keys; the same key number on both routers must have the same value. Once there is one match, the authentication is successful.
Note that authentication method type 0 means that no authentication is configured.
*May 14 10:38:57.843: OSPF: Rcv pkt from 192.168.253.5, FastEthernet1/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0
The OSPF authentication method can be configured under interface configuration mode or router configuration mode. In both cases, the authentication process occurs per interface.
For example, if I enter the commands:
router ospf 1
area 0 authentication message-digest
the router enables MD5 authentication on all interfaces that are in area 0.

Here is an example. The network is very simple: 3 routers connected to the same Ethernet network, with network ID 192.168.253.0.

Case 1:
We will configure the authentication method on R3 to be type 1, and on R5 and R2 to be type 2.

Router R5:
router ospf 1
log-adjacency-changes
network 192.168.253.5 0.0.0.0 area 0
interface FastEthernet0
ip address 192.168.253.5 255.255.255.0
ip ospf authentication message-digest
speed auto
end

Router R2:
router ospf 1
log-adjacency-changes
area 0 authentication message-digest
network 192.168.253.2 0.0.0.0 area 0
interface FastEthernet1/0
ip address 192.168.253.2 255.255.255.0
duplex auto
speed auto
end

Router R3:
router ospf 1
log-adjacency-changes
network 192.168.253.3 0.0.0.0 area 0
interface FastEthernet0
ip address 192.168.253.3 255.255.255.0
ip ospf authentication
speed auto

As you can see, on R2 I configured the authentication method under router configuration mode:
 area 0 authentication message-digest  ; will enable authentication type 2 on all interfaces that are in area 0
While on R3 and R5, we configured the authentication method under interface configuration mode:
ip ospf authentication ; will enable authentication type 1 on interface f0 (R3)
ip ospf authentication message-digest  ; will enable authentication type 2 on interface f0 (R5)

If we try to see the neighbour relationship on R3:
Router R3:
R3#show ip ospf neigh
R3#

This debug is on Router R5:
00:25:01: OSPF: Rcv pkt from 192.168.253.3, FastEthernet0 : Mismatch Authentication type. Input packet specified type 1, we use type 2
00:25:05: OSPF: Send with youngest Key 0
00:25:11: OSPF: Rcv pkt from 192.168.253.3, FastEthernet0 : Mismatch Authentication type. Input packet specified type 1, we use type 2

Now if we change the authentication method on Router 3, the neighbour relationship will be successful:
R3:
int f0
ip ospf authentication message-digest



R3#show ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
192.168.253.5 1 FULL/DR 00:00:38 192.168.253.5 FastEthernet0
172.18.20.20 1 FULL/BDR 00:00:31 192.168.253.2 FastEthernet0
R3#
You can see the authentication type, by using the command: show ip ospf int
R2#show ip ospf int f1/0
FastEthernet1/0 is up, line protocol is up
Internet Address 192.168.253.2/24, Area 0
Process ID 1, Router ID 172.18.20.20, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 192.168.253.5, Interface address 192.168.253.5
Backup Designated router (ID) 172.18.20.20, Interface address 192.168.253.2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:05
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 192.168.253.5 (Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
No key configured, using default key id 0

If you see that there is no key configured, the router uses the default key 0 (which by default has no value).

Case 2:
Now that the authentication method negotiation was successful, let us configure the keys.
For clear text authentication (method type 1), you can configure only 1 key:
int f0
ip ospf authentication-key blogkey
where blogkey is the alphanumeric key. This negotiation is simple: there is only 1 key, and it must have the same alphanumeric value on both routers.

For MD5 authentication (method type 2), you can configure as many keys as you want. Each pair of routers will check their key-ids; when there is a key-id match, they will negotiate the alphanumeric key.
int f0
ip ospf message-digest-key 30 md5 blogmd5key

If no key-id is found on both routers with the same alphanumeric value, then the negotiation will fail, and the neighbour relationship will not be established.
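
The two checks described in Case 1 and Case 2 (authentication type first, then key-id and value), as an added example that is not part of the original post. It reads the R2, R3 and R5 configurations from Case 1; the function names are hypothetical, and the rule that one key-id with the same value on both sides is enough follows this page's description and is an assumption of the example, not IOS code.

```python
import re
from ipaddress import ip_address

def _in_network(ip, addr, wildcard):
    # IOS "network" statements use a wildcard mask: only the 0 bits must match.
    keep = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return int(ip) & keep == int(ip_address(addr)) & keep

def parse_router(config):
    """Return {interface: record} with the effective OSPF auth type and keys."""
    area_auth, networks, ifaces, cur = {}, [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(
                m[1], {"ip": None, "auth": None, "keys": {}, "clear_key": ""})
        elif line.startswith("router "):
            cur = None
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m[1]] = 2 if m[2] else 1
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", line):
            networks.append((m[1], m[2], m[3]))
        elif cur is None:
            continue
        elif m := re.match(r"ip address (\S+) \S+", line):
            cur["ip"] = ip_address(m[1])
        elif m := re.match(r"ip ospf authentication( message-digest| null)?$", line):
            cur["auth"] = {None: 1, " message-digest": 2, " null": 0}[m[1]]
        elif m := re.match(r"ip ospf message-digest-key (\d+) md5 (\S+)", line):
            cur["keys"][int(m[1])] = m[2]
        elif m := re.match(r"ip ospf authentication-key (\S+)", line):
            cur["clear_key"] = m[1]
    for rec in ifaces.values():
        area = next((a for n, w, a in networks
                     if rec["ip"] and _in_network(rec["ip"], n, w)), None)
        # An interface-level setting wins; otherwise the area's; otherwise type 0.
        rec["auth_type"] = rec["auth"] if rec["auth"] is not None else area_auth.get(area, 0)
    return ifaces

def adjacency(a, b):
    """Apply the page's two checks to two interfaces on the same segment."""
    if a["auth_type"] != b["auth_type"]:
        return False, f"Mismatch Authentication type: {a['auth_type']} vs {b['auth_type']}"
    if a["auth_type"] == 1 and a["clear_key"] != b["clear_key"]:
        return False, "clear-text key differs"
    if a["auth_type"] == 2:
        # With no key configured the router uses default key id 0, empty value.
        ka, kb = a["keys"] or {0: ""}, b["keys"] or {0: ""}
        if not any(kb.get(k) == v for k, v in ka.items()):
            return False, "no key-id with the same value on both routers"
    return True, "ok"

# Case 1 configurations from this page, reduced to the lines that matter here.
R5 = """router ospf 1
 network 192.168.253.5 0.0.0.0 area 0
interface FastEthernet0
 ip address 192.168.253.5 255.255.255.0
 ip ospf authentication message-digest"""
R2 = """router ospf 1
 area 0 authentication message-digest
 network 192.168.253.2 0.0.0.0 area 0
interface FastEthernet1/0
 ip address 192.168.253.2 255.255.255.0"""
R3 = """router ospf 1
 network 192.168.253.3 0.0.0.0 area 0
interface FastEthernet0
 ip address 192.168.253.3 255.255.255.0
 ip ospf authentication"""

def check(cfg_a, if_a, cfg_b, if_b):
    return adjacency(parse_router(cfg_a)[if_a], parse_router(cfg_b)[if_b])

if __name__ == "__main__":
    print("R3-R5:", check(R3, "FastEthernet0", R5, "FastEthernet0"))
    print("R2-R5:", check(R2, "FastEthernet1/0", R5, "FastEthernet0"))
```
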

I hope this was helpful for ospf authentication. Please don't hesitate to write your comments or questions

Monday, January 24, 2011

Shutdown Multiple PCs

To remotely run commands on a PC, you can use the PsTools "psexec". You can download the PsTools from the Microsoft website. You also need to have administrative access on the remote PC.
                             psexec \\PCToManage cmdToRun

Example: If I want to stop the spooler service on COMP1 from COMP2:
On COMP2, I type: "psexec \\COMP1 net stop spooler"

If you want to execute a command on multiple PCs, you write the names of these PCs in a textfile.txt, then:
                     psexec @textfile.txt cmdToRun

Example:
If you want to shut down PCs remotely, you have to use "psexec @TESTSHUT.txt shutdown"
where TESTSHUT.txt is a text file that contains, on each line, the name of a PC that you would like to shut down. An example of TESTSHUT.txt is
PC1
PC2
PC3
If you want to restart, use the -r option.
If the remote computers are locked or have running applications, you must use the -f option.


If you want to include this in a VBScript, you have to use the Run method of a WshShell object to run the command prompt:


Option Explicit
Dim objShell
set objShell = CreateObject("WScript.Shell")
objShell.run "%comspec% /k psexec @TESTSHUT.txt shutdown -r -f"
WScript.quit



I hope my blog was helpful and I would like to thank you for reading 

Saturday, January 22, 2011

MPLS VPN Configuration -1: Providing WAN connectivity for 2 customers

This blog is the first blog regarding MPLS VPN. The case is very simple: we have an ISP, which in this diagram has the 2 routers pe1R and pe2R.


We have 2 customers: VPN-CUST-1, who has 2 sites connected to the MPLS network, and VPN-CUST-2, who also has 2 sites connected to the MPLS network. The routing protocols are shown in the following diagram:
Configuration for VPN-CUST-1:


What we will do here is give each customer connectivity between its sites.
We will begin with the IBGP neighbor relationship between both provider edge routers (pe1R, pe2R). They will establish the IBGP neighbor relationship through their loopback interfaces lo0.
Let’s take a look at the configuration of interfaces of lo0 and Fa1/0 of each of the 2 routers:


pe2R:
interface Loopback0
ip address 150.15.20.20 255.255.255.0
interface FastEthernet0/1
ip address 172.200.12.2 255.255.255.0
duplex auto
speed auto


pe1R
interface Loopback0
ip address 150.15.10.10 255.255.255.0
interface FastEthernet0/0
ip address 172.200.12.1 255.255.255.0
duplex auto
speed auto



So we first need to allow reachability between the loopback interfaces of the routers. Let's configure EIGRP for this role.

pe2R:
router eigrp 21

network 150.15.20.0 0.0.0.255
network 172.200.12.0 0.0.0.255
no auto-summary


pe1R:
router eigrp 21
network 150.15.10.0 0.0.0.255
network 172.200.12.0 0.0.0.255

no auto-summary


Now we should be able to ping from pe1R using lo0 as the source to pe2R’s lo0

pe1R#ping 150.15.10.10 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.15.10.10, timeout is 2 seconds:
Packet sent with a source address of 150.15.10.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
pe1R#


Enable MPLS on the inside interfaces of Provider routers

pe1R:
int Fa0/0
mpls ip

pe2R:

int Fa0/1
mpls ip

Now we have to create the VRFs on the PE routers, then attach each VRF to the corresponding interface.
For VPN-CUST-1, we will assign a route distinguisher 1:1.

For VPN-CUST-2, we will assign a route distinguisher 2:2.
We will assign different route-targets for import and for export. So for VPN-CUST-2, if we assign on the 1st branch an export route-target of 2:10 and an import route-target of 2:1, then on the 2nd branch we have to assign an export route-target of 2:1 and an import route-target of 2:10 (the routes that are advertised (exported) from here will be imported into the routing table there, and vice versa).
Take a look at the diagram to see the assignment of rd and route-targets.

pe1R
ip vrf VPN-CUST-1
rd 1:1
route-target export 1:1
route-target import 1:10
ip vrf VPN-CUST-2
rd 2:2
route-target export 2:1
route-target import 2:10
pe2R

ip vrf VPN-CUST-1
rd 1:1
route-target export 1:10
route-target import 1:1
ip vrf VPN-CUST-2
rd 2:2
route-target export 2:10
route-target import 2:1
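
One way to check the route-target assignment above before deploying it, as an added example that is not part of the original post. It assumes that a VRF name identifies the same customer on every PE; the function names and the misconfigured BAD_PE2 variant are constructed for illustration.

```python
import re
from itertools import permutations

def parse_vrfs(config):
    """Return {vrf: {"rd", "export", "import"}} from the 'ip vrf' blocks of a config."""
    vrfs, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip vrf (\S+)$", line):
            cur = vrfs.setdefault(m[1], {"rd": None, "export": set(), "import": set()})
        elif cur is not None and (m := re.match(r"rd (\S+)$", line)):
            cur["rd"] = m[1]
        elif cur is not None and (
                m := re.match(r"route-target (export|import|both) (\S+)$", line)):
            for direction in (("export", "import") if m[1] == "both" else (m[1],)):
                cur[direction].add(m[2])
        elif line and line != "!":
            cur = None  # any other command ends the VRF block
    return vrfs

def audit(pe_configs):
    """Return (unreachable, leaks) for {pe_name: config_text}.

    unreachable: (src_pe, dst_pe, vrf) where the same customer's VRF on dst_pe
                 imports none of the route-targets exported on src_pe.
    leaks:       (src_pe, src_vrf, dst_pe, dst_vrf, targets) where a VRF imports
                 a route-target exported by a different customer's VRF.
    """
    flat = [(pe, name, vrf) for pe, cfg in pe_configs.items()
            for name, vrf in parse_vrfs(cfg).items()]
    unreachable, leaks = [], []
    for (src_pe, s_name, s), (dst_pe, d_name, d) in permutations(flat, 2):
        shared = sorted(s["export"] & d["import"])
        if s_name == d_name and not shared:
            unreachable.append((src_pe, dst_pe, s_name))
        elif s_name != d_name and shared:
            leaks.append((src_pe, s_name, dst_pe, d_name, shared))
    return unreachable, leaks

# VRF definitions exactly as configured on this page.
PE1 = """ip vrf VPN-CUST-1
 rd 1:1
 route-target export 1:1
 route-target import 1:10
ip vrf VPN-CUST-2
 rd 2:2
 route-target export 2:1
 route-target import 2:10"""
PE2 = """ip vrf VPN-CUST-1
 rd 1:1
 route-target export 1:10
 route-target import 1:1
ip vrf VPN-CUST-2
 rd 2:2
 route-target export 2:10
 route-target import 2:1"""
# Constructed mistake: VPN-CUST-2 on pe2R imports customer 1's route-target.
BAD_PE2 = PE2.replace("route-target import 2:1", "route-target import 1:1")

if __name__ == "__main__":
    print(audit({"pe1R": PE1, "pe2R": PE2}))
    print(audit({"pe1R": PE1, "pe2R": BAD_PE2}))
```
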
Implementing BGP between both PE routers. Note that in this diagram, the 2 PE routers are directly connected. If there are P routers in the middle, you only need to implement IBGP between the PE routers; it is not necessary to add the P routers to the IBGP configuration.
The pe1R configuration:
router bgp 200
bgp log-neighbor-changes
neighbor 150.15.20.20 remote-as 200
neighbor 150.15.20.20 update-source Loopback0
!
address-family ipv4
no neighbor 150.15.20.20 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 150.15.20.20 activate
neighbor 150.15.20.20 send-community extended
exit-address-family

Note that we add the neighbor under the global BGP configuration, then activate this neighbor under the vpnv4 section. As we need this BGP neighbor relationship to be established only for the MPLS VPN network, we deactivate the neighbor for the address-family ipv4. The send-community is entered by default on this IOS ... . This command allows the router to send the rd and route-target to the other neighbor.
The pe2R configuration:
router bgp 200
bgp log-neighbor-changes
neighbor 150.15.10.10 remote-as 200
neighbor 150.15.10.10 update-source Loopback0
!
address-family ipv4
no neighbor 150.15.10.10 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 150.15.10.10 activate
neighbor 150.15.10.10 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN-CUST-2
no synchronization
exit-address-family
!
address-family ipv4 vrf VPN-CUST-1
no synchronization
exit-address-family

You can see that an address-family for each VRF is automatically created under the BGP section.

To verify that the routers have established the BGP neighbor relationship, use:


pe1R#show ip bgp vpnv4 all sum
BGP router identifier 150.15.10.10, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
150.15.20.20 4 200 2 2 0 0 0 00:00:05 0

pe1R#
If you use "show ip bgp summary", you will not see any neighbor relationship, because we deactivated the neighbor under the address-family ipv4.

Now that we have established the neighbor relationship between both PE routers, we need to configure routing between each PE and CE, in order to allow the customer sites to communicate with each other.
In the BGP configuration, we must have an address-family for each customer. Let's see VPN-CUST-2.
We will configure OSPF between pe1R and ce2R4, and RIP between pe2R and ce2R6. You can even configure IBGP or static routing.

pe1R - - - ce2R4
The interface and OSPF configuration on ce2R4 (I added a loopback interface to create an additional subnet):


ce2R4:
interface Loopback0
ip address 150.15.40.40 255.255.255.0
!
interface FastEthernet0
ip address 172.17.14.4 255.255.255.0
duplex auto
speed auto
router ospf 99
log-adjacency-changes
network 150.15.40.0 0.0.0.255 area 0
network 172.17.14.0 0.0.0.255 area 0


On router pe1R:

Interface configuration facing ce2R4:

interface FastEthernet0/1
ip vrf forwarding VPN-CUST-2
ip address 172.17.14.1 255.255.255.0
duplex auto
speed auto

OSPF configuration:
router ospf 99 vrf VPN-CUST-2
router-id 150.15.10.10
log-adjacency-changes
network 172.17.14.0 0.0.0.255 area 0

Now we should be able to ping from pe1R to ce2R4, using : "ping vrf VPN-CUST-2 150.15.40.40"
In OSPF you specify a process for a vrf. While in RIP and EIGRP, you specify an address-family for a vrf under the main process.
Let's take a look at the routing configuration between pe2R and ce2R6.

ce2R6 configuration:

interface Loopback0
ip address 150.15.60.60 255.255.255.0
!
interface FastEthernet0
ip address 172.17.26.6 255.255.255.0
duplex auto
speed auto
router rip
version 2
network 150.15.0.0
network 172.17.0.0
no auto-summary

pe2R Configuration:
interface FastEthernet2/1
ip vrf forwarding VPN-CUST-2
ip address 172.17.26.2 255.255.255.0
duplex FULL
speed auto
router rip
version 2
!
address-family ipv4 vrf VPN-CUST-2
network 172.17.0.0
no auto-summary
exit-address-family

Now we should be able to ping between ce2R6 and pe2R.

 pe2R#PING vrf VPN-CUST-2 150.15.60.60
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.15.60.60, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/190/280 ms
pe2R#


If we look at the routing table of ce2R6, or at the VPN-CUST-2 VRF routing table on pe2R, we still do not see the routes of the other side.
Gateway of last resort is not set
172.17.0.0/24 is subnetted, 1 subnets
C 172.17.26.0 is directly connected, FastEthernet0
150.15.0.0/24 is subnetted, 1 subnets
C 150.15.60.0 is directly connected, Loopback0
ce2R6#

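If we look at the BGP VPNv4 table for the VRF:
pe2R#sh ip bgp vpnv4 vrf VPN-CUST-2

pe2R#
There is no route, because the PE-CE routing protocols and BGP are not yet redistributed into each other. We configure this redistribution on both PE routers.

In pe1R:

router ospf 99 vrf VPN-CUST-2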
redistribute bgp 200 subnets
router bgp 200
address-family ipv4 vrf VPN-CUST-2
redistribute ospf 99 vrf VPN-CUST-2

In pe2R:
router rip
address-family ipv4 vrf VPN-CUST-2
redistribute bgp 200 metric 2

router bgp 200
address-family ipv4 vrf VPN-CUST-2
redistribute rip

The routing should work properly between both branches of VPN-CUST-2

pe1R#sh ip route vrf VPN-CUST-2
Routing Table: VPN-CUST-2
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.17.0.0/24 is subnetted, 2 subnets
B 172.17.26.0 [200/0] via 150.15.20.20, 00:03:13
C 172.17.14.0 is directly connected, FastEthernet0/1
150.15.0.0/16 is variably subnetted, 2 subnets, 2 masks
O 150.15.40.40/32 [110/2] via 172.17.14.4, 00:00:18, FastEthernet0/1
B 150.15.60.0/24 [200/1] via 150.15.20.20, 00:03:13
pe1R#

ce2R6#SH IP route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.17.0.0/24 is subnetted, 2 subnets
C 172.17.26.0 is directly connected, FastEthernet0
R 172.17.14.0 [120/2] via 172.17.26.2, 00:00:08, FastEthernet0
150.15.0.0/16 is variably subnetted, 2 subnets, 2 masks
R 150.15.40.40/32 [120/2] via 172.17.26.2, 00:00:08, FastEthernet0
C 150.15.60.0/24 is directly connected, Loopback0
ce2R6#

ce2R6#ping 150.15.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.15.40.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 684/943/1776 ms
 
ce2R6#traceroute 150.15.40.40
Type escape sequence to abort.
Tracing the route to 150.15.40.40
1 172.17.26.2 32 msec 252 msec 276 msec
2 172.17.14.1 504 msec 544 msec 500 msec
3 172.17.14.4 684 msec 652 msec *
ce2R6#




Configuration of ce1R5:

interface Loopback5
ip address 150.15.50.50 255.255.255.0
end
 
interface FastEthernet0
ip address 192.168.15.5 255.255.255.0
speed auto
end
 
router eigrp 51
network 150.15.50.0 0.0.0.255
network 192.168.15.5 0.0.0.0
no auto-summary

Configuration of pe1R:
interface FastEthernet1/0
ip vrf forwarding VPN-CUST-1
ip address 192.168.15.1 255.255.255.0
duplex auto
speed auto
end
 
router eigrp 21
network 150.15.10.0 0.0.0.255
network 172.200.12.0 0.0.0.255
no auto-summary
!
address-family ipv4 vrf VPN-CUST-1

autonomous-system 51
redistribute bgp 200 metric 100000 100 255 1 1500
network 192.168.15.1 0.0.0.0
no auto-summary


router bgp 200

address-family ipv4 vrf VPN-CUST-1
redistribute eigrp 51
no synchronization


As you saw previously, we used EIGRP as the internal routing protocol for the provider routers. We are also using EIGRP between the PE and CE routers for VPN-CUST-1. In order to do that, under the address-family of VPN-CUST-1, we have to specify another autonomous-system for that family.
Also, when redistributing BGP into EIGRP, we have to specify the metric.
 

 
 
Configuration of ce1R7:

interface Loopback7
ip address 150.15.70.70 255.255.255.0
end
interface FastEthernet0
ip address 172.17.14.4 255.255.255.0
speed auto
end
router eigrp 72
network 150.15.70.0 0.0.0.255
network 172.17.14.0 0.0.0.255
no auto-summary

Configuration of pe2R:
interface FastEthernet2/0
ip vrf forwarding VPN-CUST-1
ip address 172.17.14.2 255.255.255.0
duplex auto
speed auto
end
 
router eigrp 21
network 150.15.20.0 0.0.0.255
network 172.200.12.0 0.0.0.255
no auto-summary
!
address-family ipv4 vrf VPN-CUST-1
redistribute bgp 200 metric 100000 100 255 1 1500
network 172.17.14.0 0.0.0.255
no auto-summary
autonomous-system 72

router bgp 200

address-family ipv4 vrf VPN-CUST-1
redistribute eigrp 72
no synchronization
exit-address-family
 
Let's look at the routing tables, then ping:
pe1R#sh ip route vrf VPN-CUST-1
C 192.168.15.0/24 is directly connected, FastEthernet1/0
172.17.0.0/24 is subnetted, 1 subnets
B 172.17.14.0 [200/0] via 150.15.20.20, 00:23:06
150.15.0.0/24 is subnetted, 2 subnets
D 150.15.50.0 [90/156160] via 192.168.15.5, 00:24:16, FastEthernet1/0
B 150.15.70.0 [200/156160] via 150.15.20.20, 00:23:06
 

ce1R5#ping 150.15.70.70 source 150.15.50.50
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 150.15.70.70, timeout is 2 seconds:
Packet sent with a source address of 150.15.50.50
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 376/568/960 ms
As you saw in the diagram, the subnet 172.17.14.0 is used by the 2 customers, and specifically the IP address 172.17.14.4.
Now, each customer has access only to its own network.

Monday, January 3, 2011

See the debug of a router when connecting with telnet

In order to see the debug on a vty line, you have to use the keyword "monitor" under the vty section. This is a copy (the debug still appears on the console line).
But this command must be entered while a vty line is active.
If you disconnect from a line and then reconnect, you need to type the monitor command again in order to see the debug.
Let's take a look. We have 2 routers:
(192.168.15.1) tlclient f1/0 ------ f0 tlserver (192.168.15.5)
I enabled debug ip dhcp packet on the tlserver.
If I try to enter the monitor command under the line vty of tlserver, I get the reply:
tlserver(config)#line vty 0 15
tlserver(config-line)#monitor
VTY must be active
VTY must be active
VTY must be active

Now I telnet from the client to the server. As there is IP communication, the debug messages appear on the server, but they do not appear on the vty line. I will enter monitor only for the line that I am using:
tlclient#telnet 192.168.15.5
Trying ... Open
User Access Verification
Password:
tlserver>en
Password:
tlserver#CONF T
tlserver(config)#line vty 0
tlserver(config-line)#monitor
tlserver(config-line)#
03:04:49: IP: tableid=0, s=192.168.15.1 (FastEthernet0), d=192.168.15.5 (FastEthernet0), routed via RIB
03:04:49: IP: s=192.168.15.1 (FastEthernet0), d=192.168.15.5 (FastEthernet0), len 42, rcvd 3
03:04:49: TCP src=23952, dst=23, seq=2724698209, ack=947203130, win=3821 ACK PSH
03:04:49: IP: tableid=0, s=192.168.15.5 (local), d=192.168.15.1 (FastEthernet0), routed via RIB
03:04:49: IP: s=192.168.15.5 (local), d=192.168.15.1 (FastEthernet0), len 42, sending

So the debug for the router tlserver is copied to the vty line 0, which tlclient is using to connect.

I hope this was helpful, and I would like to thank you for reading