Configuring similar Cisco features on an HP 2530 switch

I had the privilege of learning another vendor's switch configuration, this time from HP. This article is about configuring the following parameters on an HP 2530, similar to what you would do on a Cisco access switch:

  • Access port (edge port)
  • Trunk ports (tagged port)
  • Port security (MAC security)
  • EtherChannel (LAG)
  • Spanning tree
  • Portfast
  • Enable secret password
  • SNMP
  • Switch Virtual Interface (SVI)
  • Vlan default gateway
  • Show logging on the console

Before I begin, we need to know that there are two main sets of standards in the networking world: either Cisco or IEEE. Vendors like HP follow only the IEEE standards. With that being said, let us begin:

What I am going to do is show the Cisco commands for each feature, followed by the HP equivalent.

1. Trunk ports: a Cisco switch has two protocols that can be used to build a trunk port, ISL and 802.1Q (the IEEE standard), although the newest Cisco switches no longer support ISL as it is being phased out.

CISCO: 

SW(config-if)# switchport trunk encapsulation dot1q

SW(config-if)# switchport mode trunk
SW(config-if)# switchport trunk allowed vlan 1-5
SW(config-if)# switchport trunk native vlan 5

HP:

SW(configure)# int 49

SW(eth-49)# tagged vlan 1-4

SW(eth-49)# untagged vlan 5

 

2. Create and configure a voice VLAN on a switch port, which tells the IP phone which VLAN to use for communication.

CISCO:

SW(config)# interface f0/1

SW(config-if)# switchport voice vlan 6

HP:

SW(configure)# vlan 6

SW(vlan-6)# voice

SW(configure)# int 1

SW(eth-1)# tagged vlan 6

 

3. Configure spanning-tree PortFast to let the port transition into the forwarding state immediately. This also configures the port as an access/edge port.

CISCO:

SW(config)# interface Fa0/1

SW(config-if)# switchport mode access

SW(config-if)# switchport access vlan 2

SW(config-if)# spanning-tree portfast

HP:

SW(configure)# spanning-tree 1 admin-edge-port

SW(configure)# interface 1

SW(eth-1)# untagged vlan 2

 

4. Configure BPDU Guard to prevent a switch from being connected to an access port, by shutting the port down.

CISCO:

SW(config)# interface range fa0/1 - 24

SW(config-if-range)# spanning-tree bpduguard enable

HP:

SW(configure)# spanning-tree 1-24 bpdu-protection

 

5. Configure RSTP protocol to prevent loops in a network.

CISCO:

SW(config)# spanning-tree mode rapid-pvst

HP:

SW(configure)# spanning-tree

SW(configure)# spanning-tree force-version rstp-operation

 

6. Configure port security using MAC address restriction, limiting the number of devices connected.

CISCO:

SW(config)# interface range f0/1 - 24

SW(config-if-range)# switchport port-security

SW(config-if-range)# switchport port-security maximum 2

SW(config-if-range)# switchport port-security violation restrict

HP:

SW(configure)# port-security 1-24 learn-mode limited-continuous address-limit 2

 

7. Configure SNMP on the switch so that a monitoring tool can access the switch status.

CISCO:

SW(config)# snmp-server community [string-password] ro

HP:

SW(configure)# no snmp-server community public

SW(configure)# snmp-server community [string-password] restricted
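
The HP settings from items 3, 4, 6 and 7 can be cross-checked against each other: every admin-edge port should also carry bpdu-protection and port-security, and the default `public` community should be gone. The following is an added example, not part of the original article; it assumes the configuration is available as text with one feature per line in the form shown above, and the sample input is constructed.

```python
import re

# Constructed sample: HP 2530 commands in the one-feature-per-line form used above.
SAMPLE = """\
spanning-tree
spanning-tree 1-24 admin-edge-port
spanning-tree 1-20 bpdu-protection
port-security 1-12,15-24 learn-mode limited-continuous address-limit 2
snmp-server community "public" unrestricted
"""

def expand_ports(spec):
    """Expand an HP port list such as '1-12,15-24' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_edge_ports(config):
    """Return findings for edge ports lacking BPDU protection or port security."""
    edge, bpdu, psec, findings = set(), set(), set(), []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"spanning-tree ([\d,-]+) (admin-edge-port|bpdu-protection)$", line)
        if m:
            target = edge if m.group(2) == "admin-edge-port" else bpdu
            target.update(expand_ports(m.group(1)))
        m = re.match(r"port-security ([\d,-]+) learn-mode \S+ address-limit \d+$", line)
        if m:
            psec.update(expand_ports(m.group(1)))
        # A leading "no" does not match here, so a removed community is not flagged.
        if re.match(r'snmp-server community "?public"?(\s|$)', line):
            findings.append("default SNMP community 'public' is still configured")
    if edge - bpdu:
        findings.append(f"edge ports without bpdu-protection: {sorted(edge - bpdu)}")
    if edge - psec:
        findings.append(f"edge ports without port-security: {sorted(edge - psec)}")
    return findings

if __name__ == "__main__":
    for finding in audit_edge_ports(SAMPLE):
        print(finding)
```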

 

8. Configure username and password on the switch.

CISCO:

SW(config)# username admin privilege 15 secret [password]

HP:

SW(configure)# password manager user-name [admin] plaintext [networkpassword]

 

9. Configure an EtherChannel or Link Aggregation (LAG) port to bundle two or more ports together. Remember that LACP is the standard protocol for vendors other than Cisco.

CISCO:

SW(config)# interface range Fa0/47 - 48

SW(config-if-range)# channel-protocol lacp

SW(config-if-range)# channel-group 1 mode active

HP:

SW(configure)# trunk 47-48 trk1 LACP

 

10. Configure Switch Virtual Interface IP address and default gateway.

CISCO:

SW(config)# ip default-gateway 10.1.1.1

SW(config)# int vlan 1

SW(config-if)# ip address 10.1.1.10 255.255.255.0

SW(config-if)# no shutdown

HP:

SW(config)# ip default-gateway 10.1.1.1

SW(config)# int vlan 1

SW(vlan-1)# ip address 10.1.1.10 255.255.255.0

 

11. Show logging on the console

Cisco:

SW# terminal monitor

HP:

SW# debug destination session

SW# debug event

IPv4 Subnetting

While studying for the CCNA exam, I was struggling with subnetting IPv4 addresses and understanding how they arrive at the answer provided. I can now safely say that I have developed a method to master subnetting without even working out the binary results.

Here we go:

  1. We need to know the basic/standard addressing scheme (classful):
    • Class A: 1 – 126
    • Class B: 128 – 191
    • Class C: 192 – 223
    • Class D (multicast): 224 – 239
    • Class E (reserved): 240 – 255
  2.  To be continued…..

Standard configuration of an access layer switch (Cisco)

Over the years I have developed a list of parameters that need to be configured on a Cisco switch. Below are the features that you should consider enabling or configuring on the switch:

  1. logging synchronous – this feature allows your commands not to be interrupted by syslog messages because it can be annoying when you are typing a command and in the middle of it, you get a syslog message which breaks your command line.
  2. service password-encryption – this feature enables your system password to be encrypted with MD5 hash which is usually stored in the startup or running configuration file as clear text. This helps to add another layer of security against onlookers. Although the MD5 hash password is easily reversible using a Google search, at least it is not easily readable at just a glance. Note: this only encrypts passwords for the enable password command and the line vty and console passwords. Enable secret uses an irreversible encryption.
  3. enable secret – it is best to use this privileged mode password command rather than enable password, since it is more secure and the password is encrypted irreversibly, as mentioned in the previous point.
  4. vtp mode transparent – although VLAN Trunking Protocol (VTP) is a great way of managing the VLAN database for multiple switches, it can pose a problem if anything goes wrong through a misconfiguration on any switch that is a part of the VTP domain. It is also Cisco's best practice to convert all switches to transparent mode and manually manage the VLANs individually on each switch, which leaves no room for error. This error can in fact cause a network outage that will take hours to reconfigure, depending on the scale of your LAN.
  5. transport input ssh – it is good practice to secure your connection to your switches using SSH, as it prevents persons from using tools such as Wireshark to get password information from a protocol (telnet) which sends the username and password in clear text. SSH encrypts the username and password in transit from source to device. This feature can be applied at the line vty port.
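
The five items above can be checked mechanically against a saved running-config. The following is an added example, not part of the original article; it assumes standard IOS layout (global commands unindented, line sub-commands indented by one space), and the sample configuration and its `<redacted>` password fields are constructed.

```python
# Constructed sample of a Cisco IOS running-config (not from a real device).
SAMPLE = """\
service password-encryption
enable password 7 <redacted>
vtp mode server
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
 password 7 <redacted>
line vty 5 15
 transport input ssh
"""

def audit_access_switch(config):
    """Check a running-config against the five items listed above; return findings."""
    findings = []
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l.startswith(" ")]
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("no enable secret configured")
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password present; use enable secret only")
    if "vtp mode transparent" not in top:
        findings.append("vtp mode is not transparent")
    # Walk the line blocks: an indented line belongs to the last 'line ...' header.
    section, seen = None, {}
    for l in lines:
        if l.startswith("line "):
            section = l.strip()
            seen[section] = []
        elif l.startswith(" ") and section:
            seen[section].append(l.strip())
        else:
            section = None
    for name, body in seen.items():
        if "logging synchronous" not in body:
            findings.append(f"{name}: logging synchronous missing")
        # Any transport list other than exactly 'ssh' still permits telnet or more.
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{name}: transport input is not ssh-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_access_switch(SAMPLE)))
```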

As I go along, I will update this article to reflect more parameters to configure on a network device for the best performance and security.

Setting up a previously configured Cisco Lightweight AP

We had a problem at work where we had to change the IP address of the Cisco Wireless LAN Controller (WLC), and as a result all the APs were orphaned with no way to rejoin the WLC.

In our environment, we did not have the CISCO-WAP-CONTROLLER configured in the DNS server, so the APs had no way of getting the new WLC IP address.

I had to connect to each AP via the console port (blue) using a serial cable. When I connected to it, I used the default login of Cisco/Cisco, which is the factory default username and password for any AP that joins a Cisco WLC.

I logged in and went to privileged mode using the enable command. After you have entered privileged mode, you can use the following AP commands to manually configure the AP network settings and controller IP address to ensure it rejoins the WLC:

  • AP# capwap ap ip address 192.168.0.5 255.255.255.0
  • AP# capwap ap ip default-gateway 192.168.0.1
  • AP# capwap ap controller ip address 192.168.0.2

These commands manually set the AP's IP address and the controller IP address that the AP should use to register.

 

 

CCNA Routing & Switching Preparation Tools

When preparing for my exam, I used the following resources to get started on my journey and to ensure I had all areas covered:

  1. Exam Blueprint (cisco.com)
  2. CCENT/CCNA ICND1 100-105 Official Cert Guide
  3. CCNA Routing and Switching ICND2 200-105 Official Cert Guide
  4. Cisco Packet Tracer (Network Simulator) or GNS3 for ICND2
  5. Practice Test – (when you purchase the premium ebook, you get the exam engine from Pearson IT Certification, or you can use MeasureUp)
  6. Video training (CBTNuggets.com) – they include practice tests depending on the package selected.

Mentor Training

I have started to do mentorship training for the CCNA Routing & Switching certification exams 100-105 and 200-105.
I noticed that when I begin to teach or train others in what I know and understand of Cisco networking skills, I have a better chance of retaining the knowledge and skills learned and developed over the years while studying for the CCNA exam.

I am now taking things a step further to develop a blog that will allow me to share and impart the knowledge I have about CCNA certification so it can better prepare me for the study of the CCNP R&S exam.

I look forward to sharing my knowledge, and to you, my friends, adding to and developing it.