tag:blogger.com,1999:blog-59778388227897309062024-03-14T08:47:19.427+01:00Playing with Networksmostly cisco CCNA / CCNP / CCSP / CCIE related networking stuff here.NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.comBlogger103125tag:blogger.com,1999:blog-5977838822789730906.post-48748051901878751982011-10-18T21:32:00.003+02:002011-10-18T21:32:28.747+02:00DE – Blog Empfehlung<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:HyphenationZone>21</w:HyphenationZone>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>DE</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;
mso-fareast-language:EN-US;}
</style>
<![endif]-->
<br />
<div class="MsoNormal">
Da ich immer noch an meinem neuen Blog Post sitze und keine
wirkliche Zeit hab ihn fertig zu schreiben gibt es heute eine kleine Empfehlung
zum Lesen zwischendurch. Paul Stewart hat ein interessantes Thema aufgegriffen
was man auf jeden Fall im Hinterkopf haben sollte, beim Arbeiten mit einer ASA.
</div>
<div class="MsoNormal">
Sollte irgendjemand den Text auch in Deutsch brauchen
einfach in die Comments posten ich kümmere mich dann darum.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="http://packetu.com/content/view/80/1/">The Woes of Using an ASA as a Default Gateway</a> @ Packet U</div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-4952139115148344102011-10-18T21:26:00.000+02:002011-10-18T21:26:25.256+02:00EN – Blog post recommendation<!--[if gte mso 9]><xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
</o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:TrackMoves/>
<w:TrackFormatting/>
<w:HyphenationZone>21</w:HyphenationZone>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:DoNotPromoteQF/>
<w:LidThemeOther>DE</w:LidThemeOther>
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
<w:SplitPgBreakAndParaMark/>
<w:EnableOpenTypeKerning/>
<w:DontFlipMirrorIndents/>
<w:OverrideTableStyleHps/>
</w:Compatibility>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr></w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
LatentStyleCount="267">
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
<w:LsdException Locked="false" Priority="9" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
<w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/>
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
UnhideWhenUsed="false" Name="Table Grid"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 1"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 2"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 3"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 4"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 5"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
UnhideWhenUsed="false" Name="Light List Accent 6"/>
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;
mso-fareast-language:EN-US;}
</style>
<![endif]-->
<br />
<div class="MsoNormal">
<span lang="EN-US" style="mso-ansi-language: EN-US;"></span></div>
<div class="MsoNormal">
<span lang="EN-US" style="mso-ansi-language: EN-US;">Since I´m
still working on my next blog post and lacking the time to finish it, I would
like you to have a few at this cool ASA related post at Packet University. <span style="mso-spacerun: yes;"> </span>I´ve not encountered the problem in real life
but well you never know.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US" style="mso-ansi-language: EN-US;"><a href="http://packetu.com/content/view/80/1/">The Woes ofUsing an ASA as a Default Gateway</a> @ Packet U</span></div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-27500217808687722002011-10-11T00:00:00.001+02:002011-10-12T23:46:35.767+02:00DE - Wie kommt das "?" auf den Router<br />
Da ich es ja ausgiebig in den letzten Posts zu IPv6 verwendet habe und ich auch
schon einige Male gefragt wurde, Hier die Lösung zum Problem, wie kommt das
Fragezeichen in die Konfig / die URL / das Passwort / den Pre-shared-key:<br />
<i><span style="font-size: 10pt;">STRG + V und dann ?</span></i><br />
Das war‘s, weiter gehen, hier gibt es nichts zu sehen ;)NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-68148613236101312472011-10-11T00:00:00.000+02:002011-10-11T00:00:00.100+02:00EN - How to get a ? in your configWell since I´ve used it in my last posts about IPv6 on Cisco routers and I was asked a few times how to get a question mark into the config / url / password / pre-shared-key on your cisco device here the solution:<br />
<blockquote>
<i><span style="font-size: x-small;">CRTL + V + ?</span></i></blockquote>
Thats it folks!NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-46265785591248020452011-10-10T22:35:00.002+02:002011-10-10T22:35:40.926+02:00EN - HEv6 Tunnel improvementsAfter surfing the HE forum and a few other blogs I noticed some nice improvements that i would like to share with you.<br />
<br />
DDNS URL<br />
Currently I´m using the inital URL from HE but it is possible to use another URL that does not leave youre password in plaintext in your config <br />
<br />
<i><span style="font-size: x-small;">https://ipv4.tunnelbroker.net/ipv4_end.php?ip=AUTO&pass=MD5PASS&apikey=USERID&tid=TUNNELID</span></i><br />
<br />
Keep in mind that USERID is not your accountname but the ID you can find on the HE webpage. MD5PASS is your account password as MD5 hash and TUNNELID stays your asigned tunnel id.<br />
For the ip parameter you can either choose your static IPv4 IP or AUTO for dynamic IP updates.<br />
<br />
Another interessting option is the following command<br />
<br />
<blockquote>
<span style="font-size: x-small;"><i>ipv6 general-prefix HEv6 2001:470:XXXX::/48</i></span></blockquote>
<br />
This enables you to use the reference your prefix by calling the “name” of the prefix. The configuration of the loop 2 interface changes accordingly to:<br />
<br />
<blockquote>
<span style="font-size: x-small;"><i>Interface loopback 2</i></span><br />
<span style="font-size: x-small;"><i>ipv6 address HEv6 ::1/58</i></span><br />
<span style="font-size: x-small;"><i> ipv6 enable</i></span></blockquote>
<br />
Thanks to Karsten for the prefix hint on his blog. (<a href="http://security-planet.de/2009/06/22/per-tunnel-ins-ipv6-internet/">Link</a>)NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-54532510306502800302011-10-10T22:30:00.000+02:002011-10-11T21:53:16.595+02:00DE - HEv6 Tunnel Verbesserungen<br />
<div class="MsoNormal">
Nachdem ich noch etwas Zeit in den Foren von HE verbracht
hab und auch bei anderen Quellen mich umgesehen habe, will ich hier noch ein
paar Verbesserungen einpflegen.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
DDNS URL</div>
<div class="MsoNormal">
Derzeit verwende ich die URL wie sie Initial vorgeschlagen
wird, aus dem HE Forum habe ich eine neue Form der URL, die verhindert dass das
Passwort im Klartext in der Router Konfig steht.</div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i> </i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i>https://ipv4.tunnelbroker.net/ipv4_end.php?ip=AUTO&pass=MD5PASS&apikey=USERID&tid=TUNNELID</i></span></div>
<pre> </pre>
<span style="font-size: small;">Dabei ist zu beachten, das im Gegensatz zur original Form, ist der paramter IP mit der statischen IP oder mit AUTO für dynamische IPs zu belegen, sowie die USERID die ID und nicht der Accountname, MD5PASS das Accountpasswort als MD5 Hash und die TUNNELID wie gehabt die Tunnelid des IPv6 Tunnels ist</span>.<br />
<code></code><br />
<br />
Auch interessant ist die Option<br />
<br />
Das ermöglicht das Referenzieren in der weiteren Routerkonfiguration auf diesen Präfix. Lässt sich einfacher merken und spricht sich im Zweifelsfall auch einfacher.<br />
<br />
<blockquote>
<i><span style="font-size: x-small;">ipv6 general-prefix HEv6 2001:470:XXXX::/48</span></i></blockquote>
<br />
Daraus ergibt sich für das Loop 2 Interface folgende Config<br />
<blockquote>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt;">
<span style="font-size: x-small;"><i><span lang="EN-US" style="font-family: "Times New Roman","serif";">nterface loopback 2</span></i><span style="font-family: "Times New Roman","serif";"></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt;">
<span style="font-size: x-small;"><i><span lang="EN-US" style="font-family: "Times New Roman","serif";">ipv6 address HEv6 ::1/58</span></i><span style="font-family: "Times New Roman","serif";"></span></span></div>
<span style="font-size: x-small;"><i><span lang="EN-US" style="font-family: "Times New Roman","serif";"> ipv6 enable</span></i></span></blockquote>
<br />
Danke an Karsten bei dem ich mir das Präfix Command geliehen hab. (<a href="http://security-planet.de/2009/06/22/per-tunnel-ins-ipv6-internet/">Link</a>) <br />
<i><span style="font-size: x-small;"><code></code></span></i>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-36971114976462222032011-10-09T23:15:00.000+02:002011-10-10T22:39:48.801+02:00EN - Hurricane Electric IPv6 Tunnel with Cisco 887<br />
<div class="MsoNormal">
<span lang="EN-US">As
mentioned earlier I was playing with the Hurricane Electric IPv6 Tunnel setup.
Now that the Tunnel is up and running I would like to share some knowledge I gained
and provide a few config sniplets.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">Starting
with the registration at <a href="http://www.tunnelbroker.net/">www.tunnelbroker.net</a>
you can request an IPv6 Tunnel. As soon as you´ve registered you can set up
your tunnel and register for a complete network with a/48 mask. Obviously to say
– I did register for the network.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">You can divide
configuring your router into 4 steps (more or less)</span></div>
<ul>
<li><span lang="EN-US"><span style="font: 7pt "Times New Roman";"></span></span><span lang="EN-US">Tunnel
creation</span></li>
<li><span lang="EN-US"></span><span lang="EN-US">Configure
HE Tunnel update</span></li>
<li><span lang="EN-US"><span style="font: 7pt "Times New Roman";"> </span></span><span lang="EN-US">Add
the HE Certificate</span></li>
<li><span lang="EN-US"><span style="font: 7pt "Times New Roman";"> </span></span><span lang="EN-US">Configure
and use your /48 network</span></li>
<li><span lang="EN-US">testing </span></li>
</ul>
<div class="MsoNormal">
<span lang="EN-US">The default
configuration of HE expects you to have a static IPv4 configured at your
router. Well since I’m using a home DSL connection my IP address changes every
24 hours. That´s why I change the tunnel source from IP to dialer 1. </span></div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">interface
Tunnel0</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> description Hurricane Electric IPv6 Tunnel
Broker</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> no ip address</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> ipv6 enable</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> ipv6 address 2001:470:xxxx:xxxx::2/64</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> tunnel source Dialer 1 </span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> tunnel destination 216.66.84.42</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> tunnel mode ipv6ip</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">ipv6 route
::/0 Tunnel0</span></span></i></div>
</blockquote>
<div class="MsoNormal">
<span lang="EN-US">Additional
to the configuration I added this interface into the appropriate zone of the
Zone-Based firewall.</span></div>
<div class="MsoNormal">
<span lang="EN-US">The next
step for locations with changing IP addresses is to convince your router to tell
HE the changing IPv4 address. Hurricane offers a default URL that you can use
for the updating process. </span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">https://ACCOUNTNAME:ACCOUNTPASSWORT@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID</span></i></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">To update
your IP at HE, you can use the DDNS feature of the Cisco router.</span></div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">ip ddns
update method HEv6</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US"> HTTP</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US"> add https://ACCOUNTNAME:ACCOUNTPASSWORT@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID </span></i></span><a href="http://playingwithnetworks.blogspot.com/2011/10/en-hev6-tunnel-improvements.html">!update in next blog post</a></div>
</blockquote>
<blockquote>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US"></span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US"> interval maximum 0 6 0 0</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US"> interval minimum 0 1 0 0</span></i></span></div>
</blockquote>
<div class="MsoNormal">
<span lang="EN-US">Every hour
but your router will update the IP at HE.</span></div>
<div class="MsoNormal">
<span lang="EN-US">You have to
update the configuration of your dialer interface (or the interface that is
providing your internet connection) to update HE. </span></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">Interface Dialer
1</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> ip ddns update hostname WS-Router</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> ip ddns update HEv6</span></span></i></div>
</blockquote>
<div class="MsoNormal">
<span lang="EN-US">Next step
is to import the certificate HE is using for the tunnel broker website. Since
this page is using a self-signed certificate the update with ddns could cause
problems if you don´t import it.</span></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">crypto pki
trustpoint HEv6</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> enrollment terminal pem</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> revocation-check none</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">You need to
authenticate the trustpoint using the following dialog:</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">#crypto pki
authenticate HEv6</span></span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">Enter the
base 64 encoded CA certificate.</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">End with a
blank line or the word "quit" on a line by itself</span></span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">MIID8DCCAtigAwIBAgIJAPF6IlDmmdRhMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEQMA4GA1UEBxMHRnJlbW9udDEg</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">MB4GA1UEChMXSHVycmljYW5lIEVsZWN0cmljLCBMTEMxDTALBgNVBAsTBElQdjYx</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">GTAXBgNVBAMTEHR1bm5lbGJyb2tlci5uZXQxGjAYBgkqhkiG9w0BCQEWC2lwdjZA</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">aGUubmV0MB4XDTExMDQyMjE3NDIyMFoXDTIxMDQxOTE3NDIyMFowgZwxCzAJBgNV</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdGcmVtb250MSAw</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">HgYDVQQKExdIdXJyaWNhbmUgRWxlY3RyaWMsIExMQzENMAsGA1UECxMESVB2NjEZ</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">MBcGA1UEAxMQdHVubmVsYnJva2VyLm5ldDEaMBgGCSqGSIb3DQEJARYLaXB2NkBo</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">ZS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe5nza8zQ/AiT+</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">ySc4mZYmLMcIrcU3q6ZEwIY5vHg2chzCJGCPQIwtBiexSZ7CWL8/GjdPWs6DoCut</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">DS6VlGGaRhJd0ppUOB3uZLcqnfY0/d40WpRFm49yAV3fmhQg744BKUz2+V23E3tP</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">n4UXq507dQ3RmNiZoS/T+DUbt1URXFZDIJmc4vjnYfGQhUzhbWZbC7J5fMFnTFSL</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">NWNou4drWwcApm4FjPfVr+tdanjGEs8bMGSbXo6BjtStiEy1yJ3QGyZLwuURcMMv</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">DV06/hc2Nv9MZPUaIPvXmNcSuVvY3MJiD1CiCWVmfiO3h7b5EmIWC+ZpO9L3Mk6/</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">j/MgWR6jAgMBAAGjMzAxMC8GA1UdEQQoMCaCEHR1bm5lbGJyb2tlci5uZXSCEiou</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">dHVubmVsYnJva2VyLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAXMG5ZOeyRCzIEPYP</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">tZKbr1N0CkiBHf+7bVqUqfifEte6S/edpUdzIzB9Wtt484Dt88cAeg4BH2z+Kx2C</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">lE9PxtTSMCInZIniuoLhaBP0BiRXEurTYdreFmen/S5cCkffVr+eJGk92lQQAdMr</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">kyz2kD1NCwCaEp1w9DYltDbfC2v8BSIiEKVvD72VW6E2r7AvW73s3+E3WcWbt6pV</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">qrKfFH4mKH0BR7nLzm5zduojCvIdH3GjelyLd7lUVR3N8Dz626tOzni/bzHpbH3T</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">dMlBIl3f7c41wcoFG5zSZf1mvgyOnSlOnNmlxMbnfnrIyIyfYz1L8UWqWZGbxJYH</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">EXcOrA==</span></span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">Certificate
has the following attributes:</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> Fingerprint MD5: 1128B641 08E7E271
B2FFB7FF 91411952</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> Fingerprint SHA1: 9EB44F27 6BCE5EF6
5D9D38CC A9252276 4318075C</span></span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">% Do you
accept this certificate? [yes/no]: yes</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">Trustpoint
CA certificate accepted.</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">%
Certificate successfully imported</span></span></i></div>
</blockquote>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">I exported the
applied certificate from my browser after opening the tunnelbroker page with Firefox.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">The /48
network HE assigned to me was subnetted and applied to my loop 2 interface to
check if everything works fine.</span></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">Interface
loopback 2</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US">ipv6
address 2001:470:XXXX::1/58</span></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"><span lang="EN-US"> ipv6 enable</span></span></i></div>
</blockquote>
<div class="MsoNormal">
<span lang="EN-US">Last but
not least you should activate domain lookups on your router to resolve the
tunnelbroker URL for ddns.</span></div>
<div class="MsoNormal">
<span lang="EN-US">Final
testing:</span></div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">ping ipv6
ipv6.google.com source loop 2</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">Sending 5,
100-byte ICMP Echos to 2A00:1450:8004::6A, timeout is 2 seconds:</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">Packet sent
with a source address of 2001:470:XXX::1</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">!!!!!</span></i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i><span lang="EN-US">Success
rate is 100 percent (5/5), round-trip min/avg/max = 76/76/76 ms</span></i></span></div>
</blockquote>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">YEAH! Everything
worked as expected great </span>!<span lang="EN-US"> </span><br />
<span lang="EN-US">More to come <a href="http://playingwithnetworks.blogspot.com/2011/10/en-hev6-tunnel-improvements.html">here</a>!</span></div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-43019301214146574912011-10-09T11:30:00.000+02:002011-10-10T22:38:59.089+02:00DE - Hurricane Electric IPv6 Tunnel mit Cisco 887<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Wie schon geschrieben hab ich mich das vergangene Wochenende
mit dem IPv6 Tunnel von HE rumgeschlagen. Jetzt da er Up und Running ist will
ich meine Erfahrungen mal zusammenfassen und Konfigsniplets preisgeben. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Fangen wir am Anfang an, die Website ist unter <a href="http://www.tunnelbroker.net/">www.tunnelbroker.net</a> zu finden, die Registrierung ist quasi
selbsterklärend und sollte keine Hürde darstellen. Sobald man seinen Tunnel
angelegt hat kann man sich auch noch ein Netz /48 reservieren lassen, was ich
natürlich gleich gemacht hab. </div>
<div class="MsoNormal">
<br /></div>
Die Konfiguration erfolgt in mehreren Schritten,
<br />
<ul>
<li><span style="font: 7pt "Times New Roman";"></span>Tunnel aufsetzen</li>
<li><span style="font: 7pt "Times New Roman";"></span>HE Tunnel update</li>
<li>HE Zertifikat einspielen</li>
<li><span style="font: 7pt "Times New Roman";"> </span>/48 Netz verwenden</li>
<li>Test </li>
</ul>
<div class="MsoNormal">
Die Konfig des Tunnels geht davon aus, dass man eine
statische IP hat und verwendet die IP des Browser in der initialen Konfiguration.
Da wir nur einen Standard DSL am Standort haben hab ich die Statische IP durch
das Dialer Interface ersetzt, das bei uns die DSL Einwahl macht. </div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;">interface Tunnel0</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> description Hurricane
Electric IPv6 Tunnel Broker</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> no ip address</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> ipv6 enable</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> ipv6 address
2001:470:xxxx:xxxx::2/64</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> tunnel source Dialer
1 </span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> tunnel destination
216.66.84.42</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> tunnel mode ipv6ip</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">ipv6 route ::/0 Tunnel0</span></i></div>
</blockquote>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Zusätzlich hab ich das Interface noch in die entsprechende
Zone der Zone-Base Firewall gehängt.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Als nächstes sollte man, bei dynamische angebundenen
Standorten, den Router dazu überreden, bei Zwangstrennung oder IP wechseln die
Tunneldaten bei HE zu aktualisieren.</div>
<div class="MsoNormal">
Hurricane gibt dafür eine URL vor, die man vom Router aus
aufrufen kann, die URL hat folgenden
Syntax: </div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i>https://ACCOUNTNAME:ACCOUNTPASSWORT@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID</i></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Um Hurricane zu aktualisieren sollte das DDNS feature des
Routers verwendet werden:</div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;">ip ddns update method HEv6</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> HTTP</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> add https://ACCOUNTNAME:ACCOUNTPASSWORT@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID <a href="http://playingwithnetworks.blogspot.com/2011/10/de-hev6-tunnel-verbesserungen.html">!Update im nächsten Blogpost</a></span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> interval maximum 0 6
0 0</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> interval minimum 0 1
0 0</span></i></div>
</blockquote>
<div class="MsoNormal">
Hier wird die dynamische IP meines Routers HE jede Stunde,
spätestens nach 6 Stunden mitgeteilt.</div>
<div class="MsoNormal">
Dem Dialer Interface müssen noch die DDNS Infos mitgegeben
werden, damit dieses HE aktualisiert.
</div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Interface Dialer 1</span></i></div>
<i><span style="font-size: x-small;">
</span></i><br />
<div class="MsoNormal">
<i><span style="font-size: x-small;"> ip ddns update
hostname WS-Router</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> ip ddns update HEv6</span></i></div>
</blockquote>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Als letztes muss noch das Zertifikat von HE hinterlegt
werden, da die Tunnelbroker Seite ein selbst signiertes Zertifikat verwendet
und das zu Probleme mit dem DDNS Feature führen kann.</div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;">crypto pki trustpoint HEv6</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> enrollment terminal
pem</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> revocation-check none</span></i></div>
</blockquote>
<div class="MsoNormal">
Danach muss der Trustpoint noch authentifiziert werden, der
ganze Prozess stellt sich so dar:</div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;">crypto pki authenticate HEv6</span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Enter the base 64 encoded CA certificate.</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">End with a blank line or the word "quit" on a line
by itself</span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">MIID8DCCAtigAwIBAgIJAPF6IlDmmdRhMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEQMA4GA1UEBxMHRnJlbW9udDEg</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">MB4GA1UEChMXSHVycmljYW5lIEVsZWN0cmljLCBMTEMxDTALBgNVBAsTBElQdjYx</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">GTAXBgNVBAMTEHR1bm5lbGJyb2tlci5uZXQxGjAYBgkqhkiG9w0BCQEWC2lwdjZA</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">aGUubmV0MB4XDTExMDQyMjE3NDIyMFoXDTIxMDQxOTE3NDIyMFowgZwxCzAJBgNV</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRAwDgYDVQQHEwdGcmVtb250MSAw</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">HgYDVQQKExdIdXJyaWNhbmUgRWxlY3RyaWMsIExMQzENMAsGA1UECxMESVB2NjEZ</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">MBcGA1UEAxMQdHVubmVsYnJva2VyLm5ldDEaMBgGCSqGSIb3DQEJARYLaXB2NkBo</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">ZS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe5nza8zQ/AiT+</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">ySc4mZYmLMcIrcU3q6ZEwIY5vHg2chzCJGCPQIwtBiexSZ7CWL8/GjdPWs6DoCut</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">DS6VlGGaRhJd0ppUOB3uZLcqnfY0/d40WpRFm49yAV3fmhQg744BKUz2+V23E3tP</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">n4UXq507dQ3RmNiZoS/T+DUbt1URXFZDIJmc4vjnYfGQhUzhbWZbC7J5fMFnTFSL</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">NWNou4drWwcApm4FjPfVr+tdanjGEs8bMGSbXo6BjtStiEy1yJ3QGyZLwuURcMMv</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">DV06/hc2Nv9MZPUaIPvXmNcSuVvY3MJiD1CiCWVmfiO3h7b5EmIWC+ZpO9L3Mk6/</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">j/MgWR6jAgMBAAGjMzAxMC8GA1UdEQQoMCaCEHR1bm5lbGJyb2tlci5uZXSCEiou</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">dHVubmVsYnJva2VyLm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAXMG5ZOeyRCzIEPYP</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">tZKbr1N0CkiBHf+7bVqUqfifEte6S/edpUdzIzB9Wtt484Dt88cAeg4BH2z+Kx2C</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">lE9PxtTSMCInZIniuoLhaBP0BiRXEurTYdreFmen/S5cCkffVr+eJGk92lQQAdMr</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">kyz2kD1NCwCaEp1w9DYltDbfC2v8BSIiEKVvD72VW6E2r7AvW73s3+E3WcWbt6pV</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">qrKfFH4mKH0BR7nLzm5zduojCvIdH3GjelyLd7lUVR3N8Dz626tOzni/bzHpbH3T</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">dMlBIl3f7c41wcoFG5zSZf1mvgyOnSlOnNmlxMbnfnrIyIyfYz1L8UWqWZGbxJYH</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">EXcOrA==</span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Certificate has the following attributes:</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> Fingerprint
MD5: 1128B641 08E7E271 B2FFB7FF 91411952</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;"> Fingerprint
SHA1: 9EB44F27 6BCE5EF6 5D9D38CC A9252276 4318075C</span></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">% Do you accept this certificate? [yes/no]: yes</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Trustpoint CA certificate accepted.</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">% Certificate successfully imported</span></i></div>
</blockquote>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Das eingefügte Zertifikat kann man aus den Browser
exportieren, wenn man die DDNS URL manuell aufruft. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
Ich habe das /48 Netz etwas gesubnettet und verwende für den
Test das Loop 2 Interface um von einfach zu schauen ob wir Konnektivität haben.</div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<span style="font-size: x-small;"><i>Interface loopback 2</i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i>ipv6 address 2001:470:XXXX::1/58</i></span></div>
<div class="MsoNormal">
<span style="font-size: x-small;"><i> ipv6 enable</i></span></div>
</blockquote>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
Ach ja zu guter Letzt sofern noch nicht vorhanden, sollte
DNS aktiviert sein, schon allein damit die DDNS URL von HE aufgelöst wird.</div>
<div class="MsoNormal">
Abschließender Test:</div>
<div class="MsoNormal">
<br /></div>
<blockquote>
<div class="MsoNormal">
<i><span style="font-size: x-small;">ping ipv6 ipv6.google.com source loop 2</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Sending 5, 100-byte ICMP Echos to 2A00:1450:8004::6A,
timeout is 2 seconds:</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Packet sent with a source address of 2001:470:XXX::1</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">!!!!!</span></i></div>
<div class="MsoNormal">
<i><span style="font-size: x-small;">Success rate is 100 percent (5/5), round-trip min/avg/max =
76/76/76 ms</span></i></div>
</blockquote>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
YEAH! Alles schick, mehr kommt <a href="http://playingwithnetworks.blogspot.com/2011/10/de-hev6-tunnel-verbesserungen.html">hier</a>!</div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-20321509504876955862011-10-08T23:30:00.001+02:002011-10-09T23:16:52.932+02:00EN - Cisco 887w default open ports! WTF!<div class="MsoNormal">
<span lang="EN-US">The last
two nights I was playing with the <a href="http://tunnelbroker.net/">Hurricane Electric</a> Tunnel setup for one of
our routers to get IPv6 to my lab. For some strange reason the tunnel showed
that it was up but I was unable to ping the IPv6 IP of Google.com. To track
down the issue I used the port scan feature of HE on my public v6 and besides
the expected port 22 for tcp the following ports showed up on my 887w: Port tcp
2002, tcp 4002, tcp 6002 and tcp 9002. I tried a telnet and I was really scared
when my router replied with a nice telnet prompt.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">I goggled
for the open ports plus cisco 887w and found the <a href="http://www.dataprotectioncenter.com/security/the-matryoshka-router/">article</a> over at <a href="http://www.dataprotectioncenter.com/">www.dataprotectioncenter.com</a>. It
looked like the Line 2 is used to communicate between the router and the
wireless controller. This controller was working like a service module in the
router. </span></div>
<div class="MsoNormal">
<span lang="EN-US">The article provided a simple solution that I instantly applied. What
was the solution – put an access list on the Line 2 for IPv4 and IPv6. </span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">I dug a
little to the bug database at cisco.com but I couldn´t find anything.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"> When I’m back at the office I´ll have a closer
look on this particular problem and keep you updated.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">Thanks to “Didier
Stevens“ for figuring and sharing this issue.</span></div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-8777076211565569992011-10-08T23:30:00.000+02:002011-10-09T23:16:33.612+02:00DE - Cisco 887w offene Ports! WTF!<br />
<div class="MsoNormal">
Die letzten zwei Nächte haben meinem 887w Router und
<a href="http://tunnelbroker.net/">Hurricane Electrics</a> IPv6 Tunnel gehört. Ich wollte für mein Lab ein echtes IPv6
Netz haben und habe mir daher einen HE Tunnel auf den Router konfiguriert. Als
die Konfig durch war konnte ich leider meine Test Host ipv6.google.com nicht
erreichen. Da ich einen Fehler auf meiner Seite ausschließen wollte probierte
ich mit dem HE Tool einen Port Scan auf meine Maschine der ziemlich erfolgreich
war. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Leider erfolgreicher als erwünscht da er neben dem
erwarteten Port TCP 22 auch die Ports TCP 2002, TCP 4002, TCP 6002 und TCP 9002
als offen anzeigte. Einen kurzen versuch via Telnet später zeigte mir, dass auf
den Ports auch wirklich eine hübsche Cisco Telnet Login Aufforderung kam. WTF,
wo kommt das den her, ging mir durch den Kopf.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Wie so oft wusste Google Rat und ich fand bei der Suche nach
“open ports cisco 887w” eine <a href="http://www.dataprotectioncenter.com/security/the-matryoshka-router/">Artikel</a> bei <a href="http://www.dataprotectioncenter.com/">www.dataprotectioncenter.com</a>. Der
lieferte eine grobe Erklärung was dort antwortet, es ist dem Artikel zufolge “Line
2” die dafür genutzt wird, dass man vom Router mit dem Service Module des Wireless
Controller kommunizieren kann. Die Lösung die der Artikel anbot ist recht
einfach – einfach eine entsprechende access-list auf die “Line 2” binden und
schon ist ruhe.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Sobald ich wieder im Büro bin und etwas mehr Zeit hab schau
ich mir das Thema noch einmal genauer an. Im Moment mag ich nicht an dem Ast
sägen, auf dem ich sitze :D</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Wenn ich etwas mehr weiß, melde ich mich.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Ein dickes danke an “Didier Stevens“ von dem der Artikel stammt.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Achja die Cisco BUG DB findet dazu nichts (war ja klar)</div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-15497745678619364922011-10-07T23:30:00.001+02:002011-10-09T23:18:02.888+02:00EN - What a week!<br />
<div class="MsoNormal">
<span lang="EN-US">First week
with a new customer is done and it was quite nice. Quite good documented and
nice topics I´m working on. Bad luck most stuff is once again CheckPoint but
well I´ve got to face it, they won´t go away, so I got to deal with them.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">Anyway
since I was figuring out processes and stuff I wasn´t able to update my posts
here but I think next week I´ll have a little more time for blogging.</span></div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-57479198895283392282011-10-07T23:30:00.000+02:002011-10-09T23:17:42.849+02:00DE - Was für eine Woche!<br />
<div class="MsoNormal">
Quasi die erste Woche beim Kunden ist um und ich muss sagen
ich bin positiv überrascht. Die meisten Sachen sind gut dokumentiert und / oder
selbsterklärend und auch das Bereitstellen der Arbeitsmittel hat fast
reibungslos funktioniert. Leider ist der Fokus auch dieses Mal wieder auf
CheckPoint, aber da CheckPoint vermutlich nicht so schnell verschwindet, werde
ich mich damit arrangieren (müssen).</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Auf jeden Fall blieb mir nicht so viel Zeit zum bloggen, da
die meiste Zeit zum einlesen und durcharbeiten drauf gegangen ist. Nächste
Woche dürfte es besser werden und dann gibt es auch wieder neue Posts.</div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-11425972140574871152011-10-04T07:01:00.001+02:002011-10-04T07:02:01.434+02:00DE – Rack Layout<br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
OK ich hab es also wieder nicht wirklich geschafft meinen
Zeitplan treu zu bleiben. Aber da ich mit meiner Familie meine Eltern besuchen
war hab ich das verlängerte Wochenende für mehr Zeit mit der Familie und
weniger Zeit zum Lernen und Bloggen genutzt.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Wie schon im letzten Post erwähnt, hab ich es geschafft mein
Lab fertig zu stellen. </div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2E6nB70IUtYK_w0u7pbEOX6-0vjqs7lOEzrIWB-weovfOZH65i7EcaffXkRabhX5vDK9G9hZHsCEcBYYv4SbxCfmvzh83C5Rryq6QSFEiR6FOpAWcbSufm1wqYYqs5Xa72kUtCnTt4OSa/s1600/IMAG0351.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2E6nB70IUtYK_w0u7pbEOX6-0vjqs7lOEzrIWB-weovfOZH65i7EcaffXkRabhX5vDK9G9hZHsCEcBYYv4SbxCfmvzh83C5Rryq6QSFEiR6FOpAWcbSufm1wqYYqs5Xa72kUtCnTt4OSa/s320/IMAG0351.jpg" width="191" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Anbei eine kleine Auflistung der Sachen die ich jetzt
verbaut hab und warum sie sich dort befinden <span style="font-family: Wingdings;">:)</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
HE 1 & 2 - Patch Panels für die Büro Verkabelung – das Rack
wird auch im Produktiven Netz benutzt</div>
<div class="MsoNormal">
HE 3 - Cisco 2509 + Oktopus Kabel + AUI Konverter Der Router
arbeitet als Terminal Server für alle Lab Geräte</div>
<div class="MsoNormal">
HE 4 - Cisco 2924 – 24 Port Fast Ethernet Switch, als
Backbone Switch übernimmt er die L2 Topologie Anbindung der ASAs</div>
<div class="MsoNormal">
HE5 -6 Neat Patch – Kabelführungsgedönst (sehr schick)</div>
<div class="MsoNormal">
HE7 HP ProCurve Switch (non Lab)</div>
<div class="MsoNormal">
HE8 Cisco ASA (BLUE) –ASA OS 8.0.2 </div>
<div class="MsoNormal">
HE9 Cisco ASA (GREEN) –ASA OS 8.0.2</div>
<div class="MsoNormal">
HE10 Cisco ASA (RED) –ASA OS 8.0.4 (wird noch angepasst)</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Unter den ASAs befindet sich eine etwas ältere Vostro
Workstation von Dell, die so umgebaut wurde, das sie nun als VMware Server für
die anderen Systeme dient, sprich für ACS, IOU, GNS3 und natürlich auch für die
Client Betriebssysteme</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Auf der Rückseite des Racks befindet sich eine achtfach
Steckdose, mit IP Anschluss, so dass alle Geräte per Webmanagement hoch und
runter gefahren werden können.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Sobald ich Zeit hab update ich meine L1/ L2 Topologie und
poste sie hier</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So long</div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-33318182968865860852011-10-04T07:01:00.000+02:002011-10-04T07:01:44.420+02:00EN - Rack layout<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
<div class="MsoNormal">
<span lang="EN-US">Once again
I´ve been a bit lazy, we´ve been to my parents and I decided to spent more time
with my family than blogging (and learning).</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">But as
mentioned earlier I was finally able to cable my rack. </span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2E6nB70IUtYK_w0u7pbEOX6-0vjqs7lOEzrIWB-weovfOZH65i7EcaffXkRabhX5vDK9G9hZHsCEcBYYv4SbxCfmvzh83C5Rryq6QSFEiR6FOpAWcbSufm1wqYYqs5Xa72kUtCnTt4OSa/s1600/IMAG0351.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2E6nB70IUtYK_w0u7pbEOX6-0vjqs7lOEzrIWB-weovfOZH65i7EcaffXkRabhX5vDK9G9hZHsCEcBYYv4SbxCfmvzh83C5Rryq6QSFEiR6FOpAWcbSufm1wqYYqs5Xa72kUtCnTt4OSa/s320/IMAG0351.jpg" width="191" /></a></div>
<br />
<br />
<div class="MsoNormal">
<span lang="EN-US">As you can
see (hopefully) I´ve got a mixed rack. This means a small part of the stuff is
used for productive networking in our office.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">I will quickly
line out what I´ve used and why, starting from top.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">U 1 & 2
- patch panels for the office (non LAB)</span></div>
<div class="MsoNormal">
<span lang="EN-US">U 3 - Cisco
2509 + octopus cable + AUI converter – this router is used to provide console
connections to all lab devices</span></div>
<div class="MsoNormal">
<span lang="EN-US">U4 - Cisco 2924
– 24 Port Fast Ethernet switch, not really part of the lab the switch just
provides the L2 Structure for the ASAs</span></div>
<div class="MsoNormal">
<span lang="EN-US">U5 -6 Neat
Patch – just to keep the rack clean</span></div>
<div class="MsoNormal">
<span lang="EN-US">U7 HP ProCurve
Switch (non Lab)</span></div>
<div class="MsoNormal">
<span lang="EN-US">U8 Cisco
ASA (BLUE) – Running ASA OS 8.0.2 </span></div>
<div class="MsoNormal">
<span lang="EN-US">U9 Cisco
ASA (GREEN) – Running ASA OS 8.0.2</span></div>
<div class="MsoNormal">
<span lang="EN-US">U10 Cisco
ASA (RED) – Running ASA OS 8.0.4 (need to fix that)</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">Below – not
rack mounted – Dell Vostro 410 Desktop PC modified to work as VM host system
with ACS, IOU , GNS3 and some Guest OS to work as clients.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">All Lab
equipment is attached to an 8 port power outlet that can be managed using a web
interface to remotely reboot the stuff in case it fails.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">I´ll update
the L1 / L2 topology in the next view days and once again post it here.</span></div>
<div class="MsoNormal">
<span lang="EN-US">So long</span></div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-41064396992567763862011-10-02T12:04:00.000+02:002011-10-02T12:07:37.502+02:00EN - So many things, so little time<br />
<div class="MsoNormal">
<span lang="EN-US">Actually I had
planned to post a small update on my CCIE lab the last Thursday, but as usual
life or in this case the customer had another opinion about it. </span><br />
<br />
<span lang="EN-US">As mentioned
earlier I was working at a customer location to immediately fix some network
issues with HP system. After the STP problem was solved we talked a while and decided
to move to L3 meaning enabling routing and reducing the spanning tree. Since the
customer had special demands considering network outages during business hours
we scheduled the redesign and rebuild of the network to Thursday night. Not to
mention that it took the whole night after we “crashed” their router (Draytek)
so hard that this stupid box didn´t knew that it had interfaces after the
reboot</span><span lang="EN-US">. </span><br />
<br />
<span lang="EN-US">At 4 in the
morning everything was back up and the network was running smooth (and all
switches stayed significant below 20% CPU utilization). Next step will be replacing
the Draytek box with two Cisco routers and shifting from copper uplinks to
fiber as well as implement QoS</span><span lang="EN-US">. </span><br />
<br />
<span lang="EN-US">So I had
about 4 hours to go back home, shower, sleep, wake up, get to the office and
prepare for the next customer meeting – no time for blog post</span><span lang="EN-US">. </span><br />
<br />
<span lang="EN-US">Anyway I managed
to finally cable my CCIE Security lab rack and will post a few updates about it
tonight, hopefully.</span></div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-67699793148956442252011-10-02T00:30:00.000+02:002011-10-02T12:05:35.213+02:00DE – viel zu viel zu tun und viel zu wenig Zeit<br />
<div class="MsoNormal">
Eigentlich wollte ich euch am vergangenen Donnerstag
berichten wie toll mein CCIE Lab voranschreitet aber leider ist, wie so oft, etwas dazwischen gekommen, in diesem Fall ein Kunde.<br />
</div>
<div class="MsoNormal">
Wie schon berichtet, habe
ich ja letzten wieder einmal etwas mit HP ProCurves zu tun gehabt. Der Kunde
hatte massive Netzwerkprobleme beklagt und wie sich herausstellte, war es unter
anderem ein STP Problem, welches sich recht schnell fixen ließ. Nachdem der Fix
implementiert war haben wir noch etwas zusammen gesessen und uns dann darauf
verständigt, das wir von einer flachen L2 Struktur auf eine L3 Struktur
wechseln und so den Spanning Tree massive verkleinern – quasi Bonsai Spanning Tree.
Da der Kunde aber den kompletten Umbau der Netztopology nicht unbedingt in die Geschäftszeiten
legen wollte, haben wir uns für die vergangene Donnerstagnacht entschieden. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Gesagt getan, die gesamte Nacht haben wir das Netz umgebaut
und dabei den Edge Router (einen Draytek) so sehr verwirrt, das er nach einem Reboot
nicht mehr seine Interfaces gefunden hatte. Zum Glück konnten wir die Box auf
Werkseinstellungen zurücksetzen und ein Backup einspielen. Gegen 4 Uhr war das
Netz dann umgestellt und schnurrte wie ein Kätzchen, Yeah! Als nächstes wird
die Draytek Box durch ein paar Cisco Router ersetzt und die Uplinks auf Fiber
umgestellt. Ach ja QoS soll auch noch kommen, unter anderem.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Danach blieben mir noch gute 4 Stunden um nach Hause zu
kommen, zu duschen, zu schlafen, aufzustehen und ins Büro zu kommen für den
nächsten Kundentermin. Sprich es blieb keine Zeit mehr für mein CCIE LAB Post
übrig.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Egal, egal, egal, ich hab es am Freitag geschafft mein Rack
noch fertig zu verkabeln und darüber gibt es hoffentlich heute Nacht ein Post
;)</div>
NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-49641299047532835862011-09-28T00:10:00.004+02:002011-09-27T23:51:51.671+02:00EN – HP ProCurve / Cisco Catalyst Interoperability<div class="MsoNormal"><span lang="EN-US"></span></div><div class="MsoNormal"><span lang="EN-US">Today I was working at a customer location playing around with some HP ProCurve switches. Usually I do configure Cisco switches, so I was happy to find this little guide about HP ProCurve and Cisco Catalyst interoperability. Quite nice if you are sure what you want to do on Cisco but are unsure what the command should look like on ProCurve. </span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US"><a href="http://www.tecnocael.it/ftp/docs/ProCurve_Cisco.pdf">ProCurve /Catalyst Interoperability Guide</a> (found at www.tecnocael.it)</span></div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-74270767775443573742011-09-28T00:10:00.003+02:002011-09-28T00:10:00.374+02:00DE – Zusammenspiel von HP ProCurve und Cisco Catalyst<div class="MsoNormal">Heute hatte ich das Glück bei einem Kunden mit einigen HP ProCurve Switches zu arbeiten. Da ich schon eine Weile nicht mehr mit den ProCurves zu tun hatte, ist mein Know How über den speziellen Syntax etwas eingerostet. Umso mehr hab ich mich gefreut im Netz einen kleinen Guide zu finden der im Prinzip darstellt, wie Cisco Catalyst und HP ProCurves zusammenarbeiten. Der Vorteil daran ist, dass man sehen kann wie eine Konfiguration unter Cisco als ProCurve Config aussieht. </div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><a href="http://www.tecnocael.it/ftp/docs/ProCurve_Cisco.pdf">ProCurve / Catalyst Interoperability Guide</a> (gefunden bei www.tecnocael.it)</div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-45317228496325428092011-09-27T07:30:00.009+02:002011-09-27T23:32:30.202+02:00DE - Grundlagen schaffenYeah, ich hab ein neues Projekt – ASA / Checkpoint in Hamburg, sprich leider weit weg von meiner Familie. Der einzige Vorteil den ich da habe, ist das ich die Abende zum Lernen nutzen kann. <br />
<div class="MsoNormal">Um richtig loszulegen habe ich begonnen Grundlagen zu schaffen.</div><div class="MsoNormal">Was bedeutet das genau. Ich habe einige von meinen alten MSDN CDs rausgekramt und in VMware ein paar Systeme hochgezogen.<br />
</div><ul><li>System 1: Windows Server 2003 Inkl. AD, CA und Tardis (NTP Server/Client)</li>
<li>System 2: Windows Server 2003 ACS 4.2 Server, 3CDaemon</li>
<li>System 3+4: Windows XP, Client System für VPN usw.</li>
</ul><div class="MsoNormal"><br />
Morgen werden die Systeme auf den VM Server geschoben und dann bin ich fast fertig mit der Lab Vorbereitung. </div><div class="MsoNormal">Achja kleine Anekdote am Rande, ich habe mir ja einen 2509 gekauft der als TS Server dienen soll, leider hab ich übersehen, dass das gute Stück nur 2 Serial + 1 AUI Interface hat, so dass ich jetzt noch einmal ein paar Euro für einen AUI – Ethernet Adapter nachschießen darf.</div><div class="MsoNormal">Hoffentlich mehr am Donnerstag</div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-61338737765072918852011-09-27T07:30:00.008+02:002011-09-27T23:32:03.230+02:00EN – Setting up the basics<div class="MsoNormal"><span lang="EN-US">First of all yeah I´ve got a new project, mostly ASA/Checkpoint. Sadly it is in Hamburg so quite a good deal away from my family. The only thing positive about being in Hamburg is that I will have the time for some serious learning.</span></div><div class="MsoNormal"><span lang="EN-US">To do so, I´ve started today to build up some basics for the lab.</span></div><div class="MsoNormal"><span lang="EN-US">I had to dig out my old MSDN CDs and deployed a few systems in VMware.</span></div><div class="MsoNormal"><br />
<ul><li><span lang="EN-US">System 1: Windows Server 2003 with Active Directory, Certificate Authority and Tardis (for NTP)</span></li>
<li><span lang="EN-US">System 2: Windows Server 2003 with ACS 4.2 and 3CDaemon for Syslog</span></li>
<li><span lang="EN-US">System 3 and 4: Windows XP, Client System for VPN and so on…</span></li>
</ul></div><div class="MsoNormal"><br />
<span lang="EN-US">Hopefully I will be able to move them from my laptop to the VM Server. When this is completed, my lab is nearly ready.</span></div><div class="MsoNormal"><span lang="EN-US">I noticed today when my Terminal Server Router (2509) arrived that this box was missing an Ethernet interface. Default configuration is just 2x serial and 1x AUI interface, so I had to order an AUI to Ethernet adaptor. Bad luck!</span></div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-27700163652876724272011-09-26T00:44:00.001+02:002011-09-26T23:32:03.754+02:00EN – Books!<div class="MsoNormal"><span lang="EN-US">Depending on your time zone Sunday has already passed and my post intentioned for Sunday is published on Monday, but well at least it is published.</span></div><div class="MsoNormal"><span lang="EN-US">As I mentioned two days ago, I really want to get into this CCIE thing and started with one important question „ what should I read?“ Cisco got a quite good answer, a book list recommended for your CCIE security studies. This list is quite scary because it would take years to read all these books.</span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><a href="http://www.cisco.com/web/learning/le3/ccie/security/book_list.html"><span lang="EN-US">Cisco CCIE security book list</span></a></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US">I already own the following books.</span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><i><span lang="EN-US" style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/title/1587140268">CCIE Security v3.0 Configuration Practice Labs (eBook), 2nd Edition</a></span></i></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><i><span lang="EN-US" style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/bookstore/product.asp?isbn=1587058197">Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, 2nd Edition</a></span></i></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><i><span lang="EN-US" style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/title/1587052040">The Complete Cisco VPN Configuration Guide</a></span></i></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><i><span lang="EN-US" style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/title/1587052024">Routing TCP/IP, Volume I, Second Edition</a></span></i></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US"><a href="http://www.amazon.com/exec/obidos/ASIN/0201633469/qid=1101962272/sr=2-1/ref=pd_ka_b_2_1/002-8670228-6404004"><i><span style="font-family: "Calibri","sans-serif"; text-decoration: none;">The Protocols (TCP/IP Illustrated : Volume 1)</span></i></a></span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US">The first is he only book I bought specially for my CCIE training, the rest I own because from time to time it is nice to look something up during the job.</span></div><div class="MsoNormal"><span lang="EN-US">As soon as I add a new book I´ll publish it here and of course give some comments about the existing once.</span></div><div class="MsoNormal"><span lang="EN-US">Hopefully my next post will be up on Tuesday.</span></div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-75611972049886232132011-09-26T00:34:00.003+02:002011-09-26T23:32:24.401+02:00DE – Bücher!<div class="MsoNormal"></div><div class="MsoNormal">Je nachdem in welcher Zeitzone ihr wohnt ist der Sonntag schon vorbei, leider bei mir auch, so das aus dem Sonntagsposting ein Montagmorgenposting geworden ist.</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Jetzt da ich das Thema CCIE ernsthaft angehen will, ist natürlich eine der wichtigsten Fragen, was sollte man alles Lesen um Fit auf dem Bereich zu werden und auch eine ernsthafte Chance zu haben.</div><div class="MsoNormal">Es gibt bei Cisco eine schicke Liste mit empfohlenen Büchern, wenn man die durchgeht bekommt man es mit der Angst zu tun, da um das alles zu lesen man vermutlich Jahre braucht.</div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><a href="http://www.cisco.com/web/learning/le3/ccie/security/book_list.html">Cisco CCIE Security Liste</a></div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Ich nenne davon Folgende bereits mein eigen:</div><div class="MsoNormal"><i><span style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/title/1587140268">CCIE Security v3.0 Configuration Practice Labs (eBook), 2nd Edition</a></span></i></div><div class="MsoNormal"><i><span style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/bookstore/product.asp?isbn=1587058197">Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance, 2nd Edition</a></span></i></div><div class="MsoNormal"><br />
<i><span style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/title/1587052040">The Complete Cisco VPN Configuration Guide</a></span></i></div><div class="MsoNormal"><br />
<i><span style="font-family: "Calibri","sans-serif";"><a href="http://www.ciscopress.com/title/1587052024">Routing TCP/IP, Volume I, Second Edition</a></span></i></div><div class="MsoNormal"><br />
<a href="http://www.amazon.com/exec/obidos/ASIN/0201633469/qid=1101962272/sr=2-1/ref=pd_ka_b_2_1/002-8670228-6404004"><i><span style="font-family: "Calibri","sans-serif"; text-decoration: none;">The Protocols (TCP/IP Illustrated : Volume 1)</span></i></a></div><div class="MsoNormal"><br />
Bis auf das erste hab ich diese schon einige Zeit da ich sie fürs Arbeitsleben hin und wieder auch gebrauchen kann. Das erste Buch hab ich nur zum CCIE Training mir an Land gezogen.</div><div class="MsoNormal">Sobald ich neue Bücher mir hinzu hole wird ich das hier irgendwo updaten. Fürs erste hab ich genug mit den die ich habe zu tun.</div><div class="MsoNormal"><br />
</div><div class="MsoNormal"></div><div class="MsoNormal">Mehr gibt es voraussichtlich am Dienstag</div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-57007693031144561762011-09-24T00:39:00.001+02:002011-09-26T23:31:30.528+02:00EN - Go Go Go!<div class="MsoNormal"><span lang="EN-US"></span></div><div class="MsoNormal"><span lang="EN-US">Well that’s life, traveling around and doing various projects you end up doing more Checkpoint than Cisco stuff. Actually I´m fine with both but I like Cisco a little more. So what can I do to get back on the Cisco track? Yes aim for the CCIE security. (You have to have big goals). </span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US">I was hoping that I would have finished my CCIE before I hit the age of 31 but well I really had no time (insert other lame excuse here!) .</span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US">Anyway to really start with the CCIE preparations you need what (except from time and books) yes equipment! Here we go!</span></div><div class="MsoNormal"><span lang="EN-US"><br />
</span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3_6jwE_VjSvSB3GY1ERRtwUAa4swjkpv5faL5X0yR1pevOpHmBM3AuOJ2aC9sXB3d2qz6f9aOuwGl0O_vAzt80YXkK84Je_GhkdirjVf0WpxnYeHPjc_6on9bJkcKtmWaYj94h6Cr2gb2/s1600/IMAG0346.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3_6jwE_VjSvSB3GY1ERRtwUAa4swjkpv5faL5X0yR1pevOpHmBM3AuOJ2aC9sXB3d2qz6f9aOuwGl0O_vAzt80YXkK84Je_GhkdirjVf0WpxnYeHPjc_6on9bJkcKtmWaYj94h6Cr2gb2/s320/IMAG0346.jpg" width="191" /></a></div><div class="MsoNormal"><span lang="EN-US"><br />
</span></div><div class="MsoNormal"><span lang="EN-US">That’s 3x ASA 5510 Sec bun + 3x 2940 + 1x 1841. In theory I just need the ASAs and the switch the rest will be done using VMware, GNS3 and IOU. </span></div><div class="MsoNormal"><span lang="EN-US">When the lab is finished wiring it will hopefully look somewhat like this:</span></div><div class="MsoNormal"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhystBYJpeQhRQClBg-aACct_yHJjvrGTu5XxPt9M5_ZrN77YdlIoMMzXC7T1yyEHFqhyphenhyphenk91YnVAL7vXf7F1-2oXRpU7fJx9dfNW1TAM4Cmemo9-KcPX4SQgCWDHXsOken1QnCEdQPR4FiJ/s1600/L2Lab_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhystBYJpeQhRQClBg-aACct_yHJjvrGTu5XxPt9M5_ZrN77YdlIoMMzXC7T1yyEHFqhyphenhyphenk91YnVAL7vXf7F1-2oXRpU7fJx9dfNW1TAM4Cmemo9-KcPX4SQgCWDHXsOken1QnCEdQPR4FiJ/s320/L2Lab_1.png" width="320" /></a></div><div class="MsoNormal"><span lang="EN-US"><br />
</span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US">The top left router is a 2509 for TS that I bought today but that is not jet shipped.</span></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><span lang="EN-US">That’s all for now more on Sunday (hopefully)</span></div><div class="MsoNormal"><br />
</div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-86451875702965206092011-09-24T00:25:00.002+02:002011-09-26T23:33:06.622+02:00DE – Go Go Go!<div class="MsoNormal"></div><div class="MsoNormal">So schön kann die Welt sein. Da treibt man sich eine Weile in den unterschiedlichsten Projekten herum und plötzlich hat man mehr mit Checkpoint zu tun als mit Cisco. Grundsätzlich kann ich mit beiden Systemen leben aber mir liegt eigentlich eher die Cisco Variante. Daher heißt es für mich in nächster Zeit Cisco wieder stärker forcieren. </div><div class="MsoNormal">Und wie lässt sich Cisco stärker forcieren genau mit einem CCIE. JAHA! Genau CCIE! Eigentlich wollte ich das Thema noch vor meinem 31 erledigt haben aber irgendwie war der Rest der Welt gegen mich. (Bitte hier beliebige andere Ausrede einsetzen)</div><div class="MsoNormal">Sei es wie es sei, ich mach nun ernst. Was braucht man wenn man es ernst meint? Richtig Equipment!</div><div class="MsoNormal"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3_6jwE_VjSvSB3GY1ERRtwUAa4swjkpv5faL5X0yR1pevOpHmBM3AuOJ2aC9sXB3d2qz6f9aOuwGl0O_vAzt80YXkK84Je_GhkdirjVf0WpxnYeHPjc_6on9bJkcKtmWaYj94h6Cr2gb2/s1600/IMAG0346.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3_6jwE_VjSvSB3GY1ERRtwUAa4swjkpv5faL5X0yR1pevOpHmBM3AuOJ2aC9sXB3d2qz6f9aOuwGl0O_vAzt80YXkK84Je_GhkdirjVf0WpxnYeHPjc_6on9bJkcKtmWaYj94h6Cr2gb2/s320/IMAG0346.jpg" width="191" /></a></div><div class="MsoNormal"><br />
</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Das hab ich ja nun wie man hier hübsch sieht (3x ASA 5510 Sec bun + 3x 2940 + 1x 1841)</div><div class="MsoNormal">Brauchen tu ich eigentlich nur die drei ASAs und den 2940 24 Port Switch eventuell fällt mir noch etwas Sinnvolles für den 1841 ein aber eigentlich wollte ich alles was Router und Switch heißt ins IOU bzw. Dynamips verbannen.</div><div class="MsoNormal">Das ganze sieht dann nach aktuellem Netzwerkplan auf Layer 2 etwa so au:</div><div class="MsoNormal"><br />
</div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhystBYJpeQhRQClBg-aACct_yHJjvrGTu5XxPt9M5_ZrN77YdlIoMMzXC7T1yyEHFqhyphenhyphenk91YnVAL7vXf7F1-2oXRpU7fJx9dfNW1TAM4Cmemo9-KcPX4SQgCWDHXsOken1QnCEdQPR4FiJ/s1600/L2Lab_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhystBYJpeQhRQClBg-aACct_yHJjvrGTu5XxPt9M5_ZrN77YdlIoMMzXC7T1yyEHFqhyphenhyphenk91YnVAL7vXf7F1-2oXRpU7fJx9dfNW1TAM4Cmemo9-KcPX4SQgCWDHXsOken1QnCEdQPR4FiJ/s320/L2Lab_1.png" width="320" /></a></div><br />
<br />
<div class="MsoNormal">Ach ja der Router oben links ist ein 2509 als TermServer der heute günstig für mich abfiel, aber sich noch ein paar Tage auf Reisen befindet.</div><div class="MsoNormal">So, am Sonntag gibt es mehr!</div>NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0tag:blogger.com,1999:blog-5977838822789730906.post-87316833538209808612011-01-03T22:18:00.002+01:002011-01-03T22:20:49.526+01:00DE - Port ChannelWie schon heute Vormittag erwähnt, werde ich mich z.Z. etwas mehr dem CCNP Themen widmen und Überraschung hier ist das erste aus dem SWITCH Bereich: EtherChannel. Da es mir im Moment an echten Switchen fehlt hab ich das ganze soweit wie möglich in GNS3 / Dynamips nachgebaut.<br />
<br />
Das Setup ist denkbar einfach 2x 3725 als Hosts und 2x 3725 mit NM-16ESW als Switches die den EtherChannel bilden, wobei die Switches mit 4 Kabeln direkt an den Interfaces FastEthernet 1/12 - 15 verbunden werden.<br />
<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrVoPrMFC4i5acWGNqgpkfKcGhFv7VfISZKFL3dUlL9twj8E49sixUiEukJW3BC2PLmwmiJaOqj4R3wRyRZZ2ZDGHHLMDD4MM1uXZPXl_EZmUTwoIehxhPvYT8XfQW0VQCOb2ibTM8WIwp/s1600/EtherChannel.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="77" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrVoPrMFC4i5acWGNqgpkfKcGhFv7VfISZKFL3dUlL9twj8E49sixUiEukJW3BC2PLmwmiJaOqj4R3wRyRZZ2ZDGHHLMDD4MM1uXZPXl_EZmUTwoIehxhPvYT8XfQW0VQCOb2ibTM8WIwp/s320/EtherChannel.png" width="320" /></a><br />
<br />
<br />
<br />
<br />
Die Konfiguration ist nur um den Domainnamen, eine IP und den Speed sowie Duplex Einstellungen erweitert worden.<br />
<br />
<code><br />
ip domain name EtherChannel.playingwithnetworks.com<br />
int fast 0/0<br />
speed 100<br />
du fu<br />
ip address 10.0.1.1 255.255.255.0<br />
no shut<br />
</code><br />
<br />
Auf den Switches muss an sich nur der EtherChannel konfiguriert werden. Sobald beide Switches an sind konnte man im Spanning Tree das erwartete verhalten bei redundanten Verbindungen sehen. Das geringwertigste Interface, in diesem Fall FastEthernet 1/12 geht in den forwarding modus die restlichen Interfaces sind im Blocking auf dem Switch der nicht Root Bridge geworden ist. <br />
<br />
<code><br />
<span style="font-size: x-small;">Switch_A#sh spanning-tree brief<br />
VLAN1<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32768<br />
Address c20a.1ed0.0000<br />
Cost 19<br />
Port 53 (FastEthernet1/12)<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
<br />
Bridge ID Priority 32768<br />
Address c20b.1ed0.0000<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
<br />
Interface Designated<br />
Name Port ID Prio Cost Sts Cost Bridge ID Port ID<br />
-------------------- ------- ---- ----- --- ----- -------------------- -------<br />
FastEthernet1/0 128.41 128 19 FWD 19 32768 c20b.1ed0.0000 128.41<br />
<span style="background-color: yellow;">FastEthernet1/12 128.53 128 19 FWD 0 32768 c20a.1ed0.0000 128.53</span><br />
<span style="background-color: orange;">FastEthernet1/13 128.54 128 19 BLK 0 32768 c20a.1ed0.0000 128.54</span><br style="background-color: orange;" /><span style="background-color: orange;"> FastEthernet1/14 128.55 128 19 BLK 0 32768 c20a.1ed0.0000 128.55</span><br style="background-color: orange;" /><span style="background-color: orange;"> FastEthernet1/15 128.56 128 19 BLK 0 32768 c20a.1ed0.0000 128.56</span></span> <br />
</code><br />
<br />
Der EtherChannel kann dann wie folgt konfiguriert werden:<br />
<br />
<code><br />
Interface range fast 1/12 – 15<br />
Switchport trunk encryption dot1q<br />
Switchport mode trunk<br />
Channel-group 1 mode on<br />
</code><br />
<br />
Wobei die Trunk Settings optional sind wichtig ist nur das die Interfaces dieselben Settings haben.<br />
Sobald beide Switches durchkonfiguriert sind und die PortChannel Interfacesauf beiden Up sind verschwinden Interfaces Fast 1/12 – 15 aus der Spanning Tree Ansicht. Es bleibt nur noch das PortChannel 1 Interface im Forwarding Modus.<br />
<br />
<code><br />
<span style="font-size: x-small;">Switch_A#sh spanning-tree brief<br />
<br />
VLAN1<br />
Spanning tree enabled protocol ieee<br />
Root ID Priority 32768<br />
Address c20a.1ed0.0000<br />
Cost 8<br />
Port 321 (Port-channel1)<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
<br />
Bridge ID Priority 32768<br />
Address c20b.1ed0.0000<br />
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec<br />
Aging Time 300<br />
<br />
Interface Designated<br />
Name Port ID Prio Cost Sts Cost Bridge ID Port ID<br />
-------------------- ------- ---- ----- --- ----- -------------------- -------<br />
FastEthernet1/0 128.41 128 19 FWD 8 32768 c20b.1ed0.0000 128.41<br />
FastEthernet1/1 128.42 128 19 FWD 8 32768 c20b.1ed0.0000 128.42<br />
<span style="background-color: orange;">Port-channel1 129.65 128 8 FWD 0 32768 c20a.1ed0.0000 129.65</span></span> <br />
</code><br />
<br />
Das war´s ;)NetWorkGuyhttp://www.blogger.com/profile/05375192099910018977noreply@blogger.com0