Securing the Campus Infrastructure
Understanding and securing against MAC layer attacks
What is
- It will slow down the network
- An attacker can capture traffic not normally seen on that port
Mitigation for MAC flooding
You can use port security to limit the number of MAC addresses allowed on a switch port.
In addition, if a switch port should not receive flooded traffic, it is enough to use the following command:
switchport block unicast
VLAN hopping is a type of attack that allows a malicious user to attack a user in a VLAN the attacker does not belong to.
By default all switches create a trunk port. An attacker can send a DTP frame in order to form a trunk with a switch; in this way the attacker is able to sniff all trunk traffic, and so the traffic of every VLAN allowed on the trunk.
An attacker can also send malicious DTP frames using an unauthorized Cisco switch, in order to form a trunk link with an authorized switch and sniff all VLAN traffic allowed on the trunk link. Usually, switches have ports configured with auto negotiation turned on, so an attacker can send a DTP negotiation frame to form the trunk.
VLAN hopping with double tagging
In this case an attacker uses double tagging to forward frames into a VLAN that would be inaccessible by legitimate means.
Conditions:
- the attacker must be connected to an access port of a switch
- the same switch must have at least one port in 802.1Q trunk mode
- the attacker must belong to the native VLAN set on the trunk link
As shown in the figure above, as soon as Catalyst A receives the packet with two tags, since the first tag refers to native VLAN 10, it interprets it as information to be transmitted on the trunk link without any tag (by definition, native VLAN traffic is untagged); for this reason, the first tag is removed. At this point Catalyst B receives a packet with the VLAN 20 tag and transmits it into VLAN 20. The attacker is then able to "inject" information into a VLAN to which he does not belong.
Mitigating VLAN hopping
It is enough to use an unusual, otherwise unused VLAN ID as the native VLAN and then prune the native VLAN from the trunk.
Switch(config)# vlan 800
Switch(config-vlan)# name bogus_native
Switch(config-vlan)# exit
Switch(config)# interface GigabitEthernet 1/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport trunk native vlan 800
Switch(config-if)# switchport trunk allowed vlan remove 800
Switch(config-if)# switchport mode trunk
Although the native VLAN is pruned from the link, control traffic such as CDP, PAgP and DTP, which is normally untagged, continues to be sent on the link.
In addition, ports that are not in use should be disabled or placed in a VLAN that is not routed (that is, one for which inter-VLAN routing is not allowed).
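The checks above can be run against a saved configuration. The following is an added example, not part of the original post: a small Python audit that flags trunks whose native VLAN is still allowed on the trunk or is shared with access ports, and ports left able to negotiate a trunk with DTP. The sample configuration, the finding names and the function names are constructed for illustration.

```python
import re

ALL_VLANS = set(range(1, 4095))

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
vlan 800
 name bogus_native
!
interface GigabitEthernet1/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 800
 switchport trunk allowed vlan remove 800
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 description user port left at defaults
!
interface FastEthernet0/3
 shutdown
"""

def expand(spec):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_interfaces(config):
    """Return {interface: settings} with IOS defaults (VLAN 1, all VLANs allowed)."""
    ports, cur = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            cur = ports.setdefault(m.group(1), {
                "mode": None, "native": 1, "access": 1,
                "allowed": set(ALL_VLANS), "shutdown": False})
            continue
        if not raw.startswith(" "):      # '!' or a global command ends the block
            cur = None
            continue
        if cur is None:
            continue
        line = raw.strip()
        if (m := re.match(r"switchport mode (\S+)", line)):
            cur["mode"] = m.group(1)
        elif (m := re.match(r"switchport trunk native vlan (\d+)", line)):
            cur["native"] = int(m.group(1))
        elif (m := re.match(r"switchport access vlan (\d+)", line)):
            cur["access"] = int(m.group(1))
        elif (m := re.match(
                r"switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)", line)):
            op, spec = m.groups()
            if spec == "all":
                cur["allowed"] = set(ALL_VLANS)
            elif spec == "none":
                cur["allowed"] = set()
            elif op == "add":
                cur["allowed"] |= expand(spec)
            elif op == "remove":
                cur["allowed"] -= expand(spec)
            elif op == "except":
                cur["allowed"] = ALL_VLANS - expand(spec)
            else:
                cur["allowed"] = expand(spec)
        elif line == "shutdown":
            cur["shutdown"] = True
    return ports

def audit(config):
    """Return (interface, finding) pairs for the VLAN hopping conditions."""
    live = {n: p for n, p in parse_interfaces(config).items() if not p["shutdown"]}
    # VLANs reachable from an access (or still negotiating) port.
    access_vlans = {p["access"] for p in live.values() if p["mode"] != "trunk"}
    findings = []
    for name, p in live.items():
        if p["mode"] == "trunk":
            if p["native"] in access_vlans:   # double-tagging condition 3
                findings.append((name, "native-vlan-has-access-ports"))
            if p["native"] in p["allowed"]:   # native VLAN not pruned
                findings.append((name, "native-vlan-not-pruned"))
        elif p["mode"] != "access":           # dynamic mode: DTP can form a trunk
            findings.append((name, "dtp-may-form-trunk"))
    return findings

if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

GigabitEthernet1/1, configured as in the commands above, produces no finding; the trunk left at its defaults and the unconfigured user port do.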
DHCP Snooping
DHCP snooping protects against a type of attack in which a device pretends to be a DHCP server and answers the DHCP requests sent by the various hosts. Besides the expected subnet information, it hands out a rogue default gateway, which in this way receives the hosts' traffic and can sniff data illegally. This type of attack is solved using the concept of trusted and untrusted switch ports. On a trusted port DHCP replies are accepted, while on an untrusted port they are not: in that case the interface drops the received packet and goes into errdisable mode. The DHCP servers are therefore connected to trusted ports, so you know where DHCP replies are expected.
Enable DHCP snooping with:
Switch(config)# ip dhcp snooping
By default, all ports are untrusted. The following commands make a port trusted:
Switch(config)# interface type mod/num
Switch(config-if)# ip dhcp snooping trust
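The trusted/untrusted decision described above, as an added example that is not part of the original post: a Python model that parses the DHCP message type (option 53) out of a BOOTP payload and applies the rule per port. The port names, MAC addresses and payloads are constructed sample data, and the err-disable step follows the description given on this page.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Message types that only a DHCP server should ever send.
SERVER_MESSAGES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}

def make_dhcp(op, msg_type, mac):
    """Build a minimal BOOTP/DHCP payload (constructed sample data)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, 0x1234ABCD, 0, 0,
                         b"", b"", b"", b"", mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

def dhcp_message_type(payload):
    """Return the value of option 53, or None if this is not a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):       # truncated option header
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return value[0]
        i += 2 + length
    return None

class SnoopingSwitch:
    """Per-port DHCP snooping decision; every port is untrusted by default."""

    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)
        self.errdisabled = set()

    def receive(self, port, payload):
        """Return 'forward' or 'drop' for a DHCP payload arriving on a port."""
        if port in self.errdisabled:
            return "drop"
        if dhcp_message_type(payload) in SERVER_MESSAGES and port not in self.trusted:
            # Server reply on an untrusted port: drop it and disable the
            # port, following the behaviour described on this page.
            self.errdisabled.add(port)
            return "drop"
        return "forward"

def run_sample():
    """Replay four constructed events and return (verdicts, switch)."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    client = bytes.fromhex("020000000001")
    other = bytes.fromhex("020000000099")
    events = [
        ("Fa0/2", make_dhcp(1, 1, client)),   # DISCOVER from a client
        ("Gi0/1", make_dhcp(2, 2, client)),   # OFFER from the trusted port
        ("Fa0/3", make_dhcp(2, 2, client)),   # OFFER from an untrusted port
        ("Fa0/3", make_dhcp(1, 1, other)),    # later traffic on the disabled port
    ]
    return [sw.receive(port, payload) for port, payload in events], sw

if __name__ == "__main__":
    verdicts, switch = run_sample()
    print(verdicts, sorted(switch.errdisabled))
```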
Tuesday, December 21, 2010
Monday, December 20, 2010
Switched Port Analyzer
The following scenario will be used to show how to configure SPAN.
Thursday, December 16, 2010
In order to keep track of user activity and simplify security investigations, it is possible to configure a centralized logging system, in which a server records the activity of the devices. The basic steps to set up such a system follow.
1) The reference topology is:
It is very simple: the server will be located on my personal computer, which communicates with the router.
2) SysLog will be used as the syslog server, and you can find it at:
syslog server
3) The IP address of the server is 192.168.255.24
4) Setup: the router must be told where the syslog server is (in this case, my computer)
SW1(config)# logging host 192.168.255.24
5) State which level of log messages to send
SW1(config)# logging trap 7
6) Test that everything is actually logged
SW1# ping 192.168.255.24
Coming:
Radius / TACACS Server
http://www.freeccnaworkbook.com/labs/section-3-configuring-basic-cisco-device-security/lab-3-2-configuring-local-user-authentication-database/
The topic of this post is how to create and use RADIUS and TACACS+ servers for AAA, user authentication and authorization. The local authentication method is used as a backup if communication with the server fails.
AAA servers can be RADIUS or TACACS+.
Example 1: local authentication database
It is possible to enable dot1x authentication globally or port-based through the command:
dot1x system-auth-control
The logic to follow is, briefly:
1) I create a user that is stored locally in the device database
Router(config)# username tom privilege 15 secret Cisco$123
2) Enable AAA authentication
Router(config)# aaa new-model
This single command enables AAA and applies the default method list to the VTY lines.
3) I create an authentication list and indicate the authentication method, which can be, for example, "local" or server-based ("RADIUS", "TACACS+")
Router(config)# aaa authentication login CONSOLE_AUTH local
4) I apply the authentication list to an access method, such as the console line or the VTY lines
Router(config)# line con 0
Router(config-line)# login authentication CONSOLE_AUTH
Example 2: authentication via TACACS+, with the local database used in case the first fails
Logic to follow:
- Create a user, for example tom with password test, and save it both locally and on the TACACS+ server. At login, the authentication check is done first on the server and then locally. If this user were not created on the local device, then when the authentication attempt to the server fails (e.g. because the server is down) you might never be able to authenticate.
Router(config)# username tom privilege 15 secret cisco
// Identify the TACACS+ server
Router(config)# tacacs-server host 1.1.1.1 key test
// Create the authentication list, checking first on the server and then locally
Router(config)# aaa authentication login CONSOLE_AUTH group tacacs+ local
// Apply the list to the access method:
Router(config)# line console 0
Router(config-line)# login authentication CONSOLE_AUTH
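How the method list "group tacacs+ local" from Example 2 is walked, as an added example that is not part of the original post: a Python model in which the next method is consulted only when the current one returns an error (server unreachable), never when it returns an explicit reject. The class names, user names and passwords are constructed for illustration.

```python
import hmac
from enum import Enum

class Result(Enum):
    PASS = "pass"      # method answered: credentials accepted
    FAIL = "fail"      # method answered: credentials rejected
    ERROR = "error"    # method could not answer (e.g. server down)

def _match(stored, supplied):
    """Constant-time comparison; an unknown user never matches."""
    return stored is not None and hmac.compare_digest(
        stored.encode(), supplied.encode())

class TacacsGroup:
    """Stand-in for the TACACS+ server group (hypothetical model)."""

    def __init__(self, users, reachable=True):
        self.users, self.reachable = users, reachable

    def check(self, user, password):
        if not self.reachable:
            return Result.ERROR
        return Result.PASS if _match(self.users.get(user), password) else Result.FAIL

class LocalDatabase:
    """Stand-in for the users created with the 'username' command."""

    def __init__(self, users):
        self.users = users

    def check(self, user, password):
        return Result.PASS if _match(self.users.get(user), password) else Result.FAIL

def login(method_list, user, password):
    """Walk the list in order; return (allowed, name of the deciding method)."""
    for name, method in method_list:
        result = method.check(user, password)
        if result is Result.ERROR:
            continue                    # only an error falls through
        return result is Result.PASS, name
    return False, None                  # every method errored out

def scenarios():
    """Four constructed cases for the list 'group tacacs+ local'."""
    server_users = {"tom": "server-pass"}
    up = TacacsGroup(server_users)
    down = TacacsGroup(server_users, reachable=False)
    with_tom = LocalDatabase({"tom": "local-pass"})
    empty = LocalDatabase({})
    return {
        "server up, good password":
            login([("tacacs+", up), ("local", with_tom)], "tom", "server-pass"),
        "server down, local user exists":
            login([("tacacs+", down), ("local", with_tom)], "tom", "local-pass"),
        "server down, no local user":
            login([("tacacs+", down), ("local", empty)], "tom", "server-pass"),
        "server up and rejects, local would accept":
            login([("tacacs+", up), ("local", with_tom)], "tom", "local-pass"),
    }

if __name__ == "__main__":
    for case, (allowed, decided_by) in scenarios().items():
        print(f"{case}: allowed={allowed} decided_by={decided_by}")
```

The third case is the lockout the post warns about; the fourth shows that the local entry is a fallback for an unreachable server, not a second chance after a reject.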
Wednesday, December 15, 2010
Links
Cisco security book: http://www.theillien.com/Sys_Admin_v12/index.html
PERL: http://www.techbooksforfree.com/perlpython.shtml
GENERAL: http://ruzbookshelves.blogspot.com/2009/03/ebooks-pool.html
TCL: http://www.invece.org/tclwise/more_on_procedures.html
IP journal: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_13-3/index.html
Tuesday, December 14, 2010
GNS3 using the PC as a TFTP Server
Connect GNS3 to an interface of your own PC
1) Create a loopback interface on your PC:
http://www.freeccnaworkbook.com/labs/section-1-getting-started-with-your-cisco-lab/lab-1-8-configuring-a-gns3-ethernet-nio-cloud/
2) We must disable the firewall on Windows 7
3) Install a TFTP server on your PC, for example SolarWinds
4) At this point it is possible, for example, to back up / restore a configuration
Given the above topology, consider the following scenario:
- The TFTP server stores the file "test", which contains a configuration
We want to restore this configuration on the router:
In this way I was able to restore a previous configuration.
Friday, December 10, 2010
STP
Load Balancing using STP port priority
STP is a layer 2 protocol used to prevent layer 2 loops when multiple switches are connected together.
The election of the port roles (designated, blocking, non-designated) takes several factors into account, including the priority of the ports. By adjusting the port priorities you can load-balance the traffic of multiple VLANs. For example:
Obviously we have:
That is, the traffic of the four VLANs is properly balanced across the two trunk links.
There are two techniques you can use to achieve this: STP port priority and STP cost.
STP Port Priority
The scheme for port FastEthernet 0/1 on S1:
      VLAN      PRIORITY
      -------   -------------
S1    2, 4      16
      3, 5      128 (default)
In this way, the port will forward traffic for VLANs 2 and 4 and block traffic for VLANs 3 and 5.
S1(config)# interface fastethernet 0/1
S1(config-if)# spanning-tree vlan 2 port-priority 16
S1(config-if)# spanning-tree vlan 4 port-priority 16
Check priorities:
S1# show spanning-tree interface fastethernet 0/1
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 19        128.1    P2p
VLAN0002         Desg FWD 19        16.1     P2p
VLAN0003         Desg FWD 19        128.1    P2p
VLAN0004         Desg FWD 19        16.1     P2p
VLAN0005         Desg FWD 19        128.1    P2p
The same is repeated for all trunk ports in order to respect the logical scheme above.
S1# show spanning-tree interface FastEthernet 0/2
Vlan             Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
VLAN0001         Desg FWD 19        128.2    P2p
VLAN0002         Desg FWD 19        128.2    P2p
VLAN0003         Desg FWD 19        16.2     P2p
VLAN0004         Desg FWD 19        128.2    P2p
VLAN0005         Desg FWD 19        16.2     P2p
Versions
Several versions of STP have been introduced:
1) Common Spanning Tree (CST), referred to as 802.1D, in which a single instance of STP runs for the entire network
2) PVST+, in which there is an instance of STP for each VLAN in the network
3) Rapid STP, referred to as 802.1w, in which there is only one instance of STP, with a high convergence time
4) MST, Multiple Spanning Tree, in which multiple VLANs with the same traffic requirements can be grouped into individual instances of STP
Definitions
STP Bridge ID: bridge priority + MAC address
Default priority: 32768
Port ID: port priority + port number
Path Cost: cumulative cost to reach the root switch from the switch interface for which you want to calculate the cost
Timers
- Hello messages -> 2 sec
- Listening state -> 15 sec
- Learning state -> 15 sec
- Listening + Learning = 30 sec -> Forwarding delay
- Max_Age_Timer = 20 sec
Thursday, December 9, 2010
Brief Review CCNA: Router on a stick
Inter-VLAN switching using GNS3
Reference: following post
This post shows the GNS3 configuration needed to have a router:
- run as a router
- run as a switch
- run as a PC
Topology is:
My goal is to show:
- how to run a router as a switch
- how to create VLANs in GNS3
- how to configure interfaces in trunk/access mode
Configure a router as a switch
Use a 3640 router and configure it with an NM-16ESW module. As soon as you need to connect the switch with a PC or a router, you have to use "manual configuration" in GNS3; otherwise it will not be possible to configure the switch interface in trunk/access mode.
Now interfaces FastEthernet 0/0 and 0/1 can be configured in trunk and access mode respectively:
Inter-VLAN switching using an external router: Packet Tracer
Very simple configuration example of inter-VLAN routing using an external router. The topology consists of one 2621 router and one 2950 switch. There are two VLANs, VLAN 2 and VLAN 3, with the following IP address scheme:
- VLAN 2 (native) 10.0.0.0/24
- VLAN 3 10.0.1.0/24
The goal is to allow communication between the VLANs using an external router as the L3 routing device.
The configurations for the switch and the router follow:
Switch:
interface FastEthernet0/1
 switchport trunk native vlan 2
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
Router:
hostname Router
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.1.1
!
ip dhcp pool vlan2
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
ip dhcp pool Vlan3
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
interface FastEthernet0/0.2
 encapsulation dot1Q 2 native
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 10.0.1.1 255.255.255.0
In the router configuration, note the two different address pools, which allow the router to act as a DHCP server for the hosts.
Friday, December 3, 2010
Cisco Switching Methods: Multilayer switching concepts
A multilayer switch is often used instead of a router for inter-VLAN routing, for purely economic reasons. A multilayer switch has a higher density of Ethernet ports than a router, may even cost a third less, and is only concerned with inter-VLAN routing/switching.
L3 switches are equipped with specialized hardware chips called ASICs (Application-Specific Integrated Circuits), whose job is to perform routing between the Ethernet ports at high speed.
Difference between routing and L3 switching
The process of routing an IP packet can be divided into two processes:
-> Control Plane: in charge of creating the routing tables and the ARP table
-> Data Plane: in charge simply of forwarding the packets
The difference between a router and an L3 switch lies in how the data plane is implemented. Inside the control plane there is a general-purpose CPU, programmed by the different vendors with the routing algorithms. It is therefore clear that the control plane is responsible for creating the routing tables and updating them as soon as there is a topology change. The control plane indicates where to route the packets, so the control plane works in software. Conversely, the data plane indicates how to route the packets, a far simpler task that in practice consists of rewriting the MAC addresses of the packet to be forwarded. The difference between routers and L3 switches is precisely in the data plane:
- routers implement the data plane within the CPU dedicated to the control plane, so it works in software
- switches implement the data plane in hardware through the ASIC.
Routing in hardware is always faster than in software.
In general, when a router receives a packet and must forward it, it performs the following operations:
1) Determine whether the destination is reachable
2) Determine the next hop and the output interface for the packet
3) Perform the MAC rewrite, i.e. replace the Layer 2 source and destination addresses of the received packet with its own MAC and the MAC of the next hop (using an ARP request for this purpose)
A router forwards packets using:
- Process switching
- Fast switching (Interrupt Context Switching)
- CEF (Interrupt Context Switching)
Process switching
It is the traditional method used in the past, supported by all devices and all IOS versions, now used only for troubleshooting.
The router receives the packet, analyses the destination IP address, works out where to send the packet, performs the MAC rewrite, recalculates the CRC and sends the packet, all of this in software.
It is a method that consumes a lot of CPU, and for this reason it is used only for troubleshooting.
With process switching:
- the forwarding decision and the information used for the MAC rewrite are read from the RIB table (Route Information Table) or the ARP cache
- the packet is switched by a process running on IOS, which does not interrupt the other processes running on the router.
Interrupt Context Switching
This is another switching method used by Cisco routers. In this case, the MAC rewrite information is read from a cache, and the packet forwarding task interrupts the processes running on IOS at that time.
The cache is built according to one of the following methods:
- Fast switching
- CEF
Fast switching (based on route caching)
MLS devices, which have both L2 and L3 aspects, originally used the "route once, switch many" philosophy. Fast switching uses the concept of a flow, which is a set of packets that belong to the same protocol and have the same source and the same destination. The route processor receives the first packet, makes a routing decision and forwards it. The switch engine watches the forwarded packet and, if it can "see" the packet both arriving at and leaving the router, it steps in and is used as a shortcut path to forward future packets of this flow. This is an example of route caching.
So the first packet is forwarded in software and the following ones in hardware.
When the route processor receives a packet and decides to forward it, it writes this information into a cache table (the hardware forwarding table, contained in the ASIC), and all future packets of this flow are switched in hardware.
The important concept is that until a packet reaches the router, the router is unable to populate the hardware cache.
Topology-based switching
This method is based on CEF.
It differs from route caching in that, in this case, the cache tables (FIB and Adjacency Table) created in hardware are populated from the routing table and the ARP table, without the need to populate them after forwarding the first received packet. Thus, unlike route caching, all packets are forwarded in hardware. To understand the advantage over route caching, it is enough to consider that in the latter case, for every flow created (VoIP call, FTP connection, HTTP request, etc.), the first packet is always forwarded in software, and this can cause slowness compared to hardware forwarding.
The key concept is that the control plane and data plane are perfectly separated by the ASIC, and then both are implemented in hardware.
FIB Table
TABLES USED IN SWITCHING
Thursday, December 2, 2010
Network Monitoring: IPSLA, SNMP
Network management consists of the following operations performed on a network: configuring, monitoring, troubleshooting.
SNMP is an example of a management protocol and is the most commonly used one within an IP network. It consists essentially of three components:
- A manager: the device (PC or router) used to display the results of monitoring. Several tools can be used to display the results, such as HP OpenView
- An agent: the device (access server, router, switch) to be monitored
- A protocol used for communication between agent and manager (SNMP)
How it works:
Agent and manager communicate over UDP port 161, and over port 162 for messages from the agent to the manager.
The agent collects information, which is stored locally in the MIB. The manager polls the agent when it wants the information, and the information is carried between agent and manager by SNMP.
In addition to this polling, performed by the manager at a certain frequency, the agent can be set up to send a trap, that is, information sent directly by the agent to the manager, for example when some event is triggered.
The SNMP community string is a password set on the agent that gives the manager access to the MIB at one of several access levels:
- Read-only
- Read-write: the manager has full access to the MIB, but cannot change the community string
- Read-write-all: the manager can do everything (read and write the MIB, change the community string)
Configuration steps:
1) Set the community string and the associated access level on the agent:
S(config)# snmp-server community readmeCommunity ro
S(config)# snmp-server community writemeCommunity rw
2) I can enable the agent to notify the manager, for example when something happens:
S(config)# snmp-server enable traps
Through the MIB browser, the manager can query the agent to view the information.
For example, you can use the following MIB object:
MIB Tree.router_std MIBs.iso.org.dod.internet.mgmt.mib-2.system.sysDescr
(ref: http://www.webnms.com/cagent/help/technology_used/c_snmp_overview.html#mib)
to see, for example, the IOS version on router "Medway, ME."
In this case the manager sends a Get request to the agent, and the MIB browser then displays the value returned for the request.
Reference Cisco: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
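An added example, not part of the original notes: a small Python audit of `snmp-server community` lines. SNMPv1/v2c community strings cross the network in cleartext, so read-write communities and communities not bound to an ACL are worth reviewing. The third and fourth sample lines (an ACL-bound community and one with the arguments in the wrong order) and the finding names are constructed for illustration.

```python
import re

# Constructed sample: the first two lines use the community names from the
# notes; the third (ACL-bound) and fourth (arguments in the wrong order)
# are added for contrast.
SAMPLE_CONFIG = """\
S(config)# snmp-server community readmeCommunity ro
S(config)# snmp-server community writemeCommunity rw
S(config)# snmp-server community monitorOnly ro 10
S(config)# snmp-server community ro readmeCommunity
"""

PROMPT = re.compile(r"^\s*\S+?\s*\(config[^)]*\)\s*#\s*")
WELL_KNOWN = {"public", "private", "cisco"}   # widely known default strings


def parse_community(line):
    """Parse 'snmp-server community <string> [view <v>] [ro|rw] [<acl>]'."""
    tokens = PROMPT.sub("", line).split()
    if len(tokens) < 3 or tokens[:2] != ["snmp-server", "community"]:
        return None
    entry = {"string": tokens[2], "view": None, "access": "ro", "acl": None}
    rest = tokens[3:]
    if len(rest) >= 2 and rest[0] == "view":
        entry["view"], rest = rest[1], rest[2:]
    if rest and rest[0].lower() in ("ro", "rw"):
        entry["access"], rest = rest[0].lower(), rest[1:]
    if rest:
        entry["acl"] = rest[-1]          # standard ACL number or name
    return entry


def audit(config_text):
    """Return (community, finding) pairs for every community line to review."""
    findings = []
    for line in config_text.splitlines():
        entry = parse_community(line)
        if entry is None:
            continue
        name = entry["string"]
        if name.lower() in ("ro", "rw"):
            # The access keyword sits where IOS expects the community string.
            findings.append((name, "ARG_ORDER"))
            continue
        if entry["access"] == "rw":
            findings.append((name, "READ_WRITE"))
        if entry["acl"] is None:
            findings.append((name, "NO_ACL"))
        if name.lower() in WELL_KNOWN:
            findings.append((name, "WELL_KNOWN_STRING"))
    return findings


if __name__ == "__main__":
    for community, finding in audit(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```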
Example with GNS3
The lab used is as follows:
- the agent is a 3640 router running IOS c3640-mz.124-16a-jk9o3s
- the manager is MibBrowser, installed on my local PC
- there is full reachability between the router and my PC
Step 1: Choose the MIB
Cisco provides MIBs according to the device you want to manage.
For example, in our case I have a 3640 with a particular IOS. From the site http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=3407&PlatformSel=81&fsSel=0 you can select the MIB associated with your device, IOS version and supported feature set. Once I had selected the MIB of interest, I saved it locally and then loaded it into MibBrowser.
At this point you can query the agent using the MIB browser.
The reference topology is:
The router interface has the IP address 192.168.255.29, so the queries in MibBrowser point to this address.
IP SLA
A network management tool used, for example, to verify that the network is working properly.
An SLA is an agreement between the service provider and the company that owns the network, covering the quality of service provided by the service provider and perceived by the user. The network administrator can monitor the network and verify that the ISP is respecting the agreement, or track measurements in order to act proactively on network problems. IP SLA measures:
- jitter, latency, packet loss
- RTT, Round Trip Time
IP SLA configuration involves a source, which does the monitoring, and another device configured as a responder, which is "monitored".
The device acting as IP SLA source sends probes, to which the responder must respond. These probes are then used to calculate the desired measurements (jitter, RTT, packet loss, etc.).
The responder can be any IP system, but if it is a Cisco device properly configured as a responder, the measurement will be more accurate. Before the actual measurement starts, there is an exchange of information between source and responder, referred to as the IP SLA Control Protocol (UDP port 1967).
Configuration:
- Source:
- Define the IP SLA identifier
- Define the operation and the address of the target
- Define the frequency
- Define when the measurement starts
- Define the reaction, if any
Typically, the source collects the necessary information and stores it in the MIB, which can then be read via SNMP.
In this specific case, S3 must monitor S4 and S4 must monitor S3.
Solution Plan 1: S3 monitors S4
Source -> Responder: S3 -> S4
Operation -> ICMP echo, an operation that measures the time between an echo sent by the source and the reply from any device with an IP address (in this case the responder does not have to be configured)
S3(config)# ip sla 1
S3(config-ip-sla)# icmp-echo <IP address of any interface on switch S4>
// It is as if I pinged that interface
Solution Plan 2: S4 monitors S3
Source -> Responder: S4 -> S3
S4(config)# ip sla 1
S4(config-ip-sla)# icmp-echo <IP address of any interface on switch S3>
IP SLA Operation
Before monitoring starts, source and responder synchronise in the following steps:
1) The source sends an IP SLAs control message, over UDP port 1967, indicating the operation it wants to use. The control message contains the protocol, the port, and the operation defined on the source router.
- If MD5 is enabled, the checksum is sent as well
- Authentication can also be enabled: if it fails, the responder sends an authentication failure message
- If no response is received from the responder, the source tries to resend the message
2) The responder sends a confirmation message when it receives the request, and starts listening on the specified port
3) If the answer is OK, the source starts to send probe packets
4) The responder responds
Tuesday, November 30, 2010
CCNP Lab (Description to be completed)
TASKS
The tasks are:
TASK 1 -> OSPF
OSPF runs between the core and distribution switches, with the following loopback interfaces configured: 3.3.3.3/24, 4.4.4.4/24, 5.5.5.5/24, 6.6.6.6/24
TASK 2 -> EtherChannel L3/L2
L3 EtherChannel between the two core switches, and L2 EtherChannel between the two distribution switches
TASK 3 -> VLAN
There are 4 VLANs, managed by MST:
- VLAN 150 (voice VLAN) and 90 (data VLAN), which have S3 as root bridge
- VLAN 100 (web server) and 97 (untagged), which have S4 as root bridge
TASK 4 -> HSRP default gateway redundancy
Creation of two HSRP groups: group 150, which has S4 as active router and S3 as standby (default gateway for VLANs 100 and 97), and group 100, which has S3 as active router and S4 as standby (default gateway for VLANs 150 and 90)
TASK 5 -> IP SLA
IP SLA with S3 monitoring S4 and S4 monitoring S3
TASK 6 -> Port Security
Port-security configuration, with 2 switch that allows only 3 1 mac and switches that allows up to 5 mac
TASK 7 -> DHCP Server
There are two DHCP servers, for VLANs 100 and 150
TASK 2 -> ETHERCHANNEL
There are two types of EtherChannel: Layer 2 and Layer 3.
A Layer 3 EtherChannel is usually configured when multilayer core switches are connected to multilayer distribution switches. In this scenario you can "put together" multiple interfaces to obtain redundancy in the connection between the two devices and to increase the available bandwidth.
L3 EtherChannel configuration:
S5(config)# interface port-channel 1
S5(config-if)# no switchport
// It is in every respect a Layer 3 interface, so I have to assign it an IP address
S5(config-if)# ip address 172.0.0.1 255.255.255.0
// Select the interfaces that will be part of port-channel 1
S5(config)# interface range fastethernet 0/0 - 1
S5(config-if-range)# no switchport
// Associate the physical interfaces with the port-channel. To form the EtherChannel, the appropriate mode must be set (LACP or PAgP)
S5(config-if-range)# channel-group 1 mode on
S6(config)# interface port-channel 1
S6(config-if)# no switchport
// It is in every respect a Layer 3 interface, so I have to assign it an IP address
S6(config-if)# ip address 172.0.0.2 255.255.255.0
// Select the interfaces that will be part of port-channel 1
S6(config)# interface range fastethernet 0/0 - 1
S6(config-if-range)# no switchport
// Associate the physical interfaces with the port-channel. To form the EtherChannel, the appropriate mode must be set (LACP or PAgP)
S6(config-if-range)# channel-group 1 mode on
L2 EtherChannel configuration:
In this case redundancy and increased bandwidth are obtained at Layer 2, by "aggregating" Layer 2 interfaces. In general, up to eight interfaces can be aggregated at L2; this allows load balancing and brings advantages in STP management. The two protocols available to form the port channel are LACP (802.3ad) and PAgP (Cisco).
// Create the port-channel
S3(config)# interface range fastethernet 0/3 - 4
S3(config-if-range)# channel-group 2 mode active
// I treat port-channel 2 as a Layer 2 interface; as such it carries the VLANs and is configured in trunk mode
S3(config)# interface port-channel 2
S3(config-if)# switchport mode trunk
S3(config-if)# switchport trunk native vlan 97
// The same for S4
// Create the port-channel
S4(config)# interface range fastethernet 0/3 - 4
S4(config-if-range)# channel-group 2 mode active
// I treat port-channel 2 as a Layer 2 interface; as such it carries the VLANs and is configured in trunk mode
S4(config)# interface port-channel 2
S4(config-if)# switchport mode trunk
S4(config-if)# switchport trunk native vlan 97
1) Layer 2: SETTING TRUNK / ACCESS PORT
• Because VLANs are present and need to communicate with each other, the links must run protocols that create and carry frames properly tagged according to VLAN membership.
• Using the 802.1Q protocol, I create the trunks and, where requested, the access ports.
TASK 3 -> MSTP
The scenario requires Multiple Spanning Tree Protocol. With this protocol we create instances and associate one or more VLANs with each instance. Benefits of MST (802.1s): if I used 802.1Q STP, there would be a single STP instance for all VLANs, so of the two links from an access switch to the distribution switches only one would be used, because the other would be in blocking mode. With Multiple Spanning Tree Protocol it is possible to create several STP instances and include one or more VLANs in each. Remember that STP serves only to prevent loops at Layer 2. With Multiple Spanning Tree you can create, as in our case, two logical topologies, so that all available links are used and none is left idle.
• I put all the switches in VTP transparent mode and create VLANs 150, 90, 100 and 97 on each one
S1(config)# vtp mode transparent
S1(config)# vlan 150
S1(config)# vlan 90
S1(config)# vlan 100
S1(config)# vlan 97
S2(config)# vtp mode transparent
S2(config)# vlan 150
S2(config)# vlan 90
S2(config)# vlan 100
S2(config)# vlan 97
S3(config)# vtp mode transparent
S3(config)# vlan 150
S3(config)# vlan 90
S3(config)# vlan 100
S3(config)# vlan 97
S4(config)# vtp mode transparent
S4(config)# vlan 150
S4(config)# vlan 90
S4(config)# vlan 100
S4(config)# vlan 97
• Currently there is no protocol to propagate this information (as VTP does, for example)
• MST must therefore be configured on each switch. The steps are:
1. Enable MST on the switches:
S1(config)# spanning-tree mode mst
S2(config)# spanning-tree mode mst
S3(config)# spanning-tree mode mst
S4(config)# spanning-tree mode mst
2. Enter MST configuration mode:
S(config)# spanning-tree mst configuration
S1(config)# spanning-tree mst configuration
S2(config)# spanning-tree mst configuration
S3(config)# spanning-tree mst configuration
S4(config)# spanning-tree mst configuration
3. Give the MST region a name:
S(config-mst)# name <name>
S1(config-mst)# name Lab
S2(config-mst)# name Lab
S3(config-mst)# name Lab
S4(config-mst)# name Lab
4. Assign a configuration revision number to the MST region:
S(config-mst)# revision <version>
S1(config-mst)# revision 1
S2(config-mst)# revision 1
S3(config-mst)# revision 1
S4(config-mst)# revision 1
5. Map VLANs to instances. In our case VLANs 150 and 90 go in instance 1, and VLANs 100 and 97 in instance 2:
S1(config-mst)# instance 1 vlan 150,90
S1(config-mst)# instance 2 vlan 100,97
S2(config-mst)# instance 1 vlan 150,90
S2(config-mst)# instance 2 vlan 100,97
S3(config-mst)# instance 1 vlan 150,90
S3(config-mst)# instance 2 vlan 100,97
S4(config-mst)# instance 1 vlan 150,90
S4(config-mst)# instance 2 vlan 100,97
6. Select the root for the various instances; in this case the requirement was to have S3 as root for VLANs 150 and 90, and S4 as root for VLANs 100 and 97:
S(config)# spanning-tree mst <instance-id> root primary
S3(config)# spanning-tree mst 1 root primary
S3(config)# spanning-tree mst 2 root secondary
S4(config)# spanning-tree mst 2 root primary
S4(config)# spanning-tree mst 1 root secondary
This way I get two completely different logical topologies.
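An added example, not part of the original notes: switches share an MST region only if the region name, the revision number and the VLAN-to-instance mapping are identical on all of them, so one mistyped VLAN number on one switch silently splits the region. This Python check parses per-switch configuration lines in the form used above, groups the switches by region, and reports the configured primary root per instance; the sample text and the faulty S2 mapping are constructed.

```python
import re
from collections import defaultdict

PROMPT = re.compile(r"^\s*(\S+?)\s*\(config[^)]*\)\s*#\s*(.+?)\s*$")


def sample_config(instance2_by_switch=None):
    """Build the four-switch MST configuration from the notes (constructed text).

    instance2_by_switch overrides the VLAN list of instance 2 on chosen switches.
    """
    overrides = instance2_by_switch or {}
    lines = []
    for sw in ("S1", "S2", "S3", "S4"):
        lines += [
            f"{sw}(config)# spanning-tree mode mst",
            f"{sw}(config)# spanning-tree mst configuration",
            f"{sw}(config-mst)# name Lab",
            f"{sw}(config-mst)# revision 1",
            f"{sw}(config-mst)# instance 1 vlan 150,90",
            f"{sw}(config-mst)# instance 2 vlan {overrides.get(sw, '100,97')}",
        ]
    lines += [
        "S3(config)# spanning-tree mst 1 root primary",
        "S3(config)# spanning-tree mst 2 root secondary",
        "S4(config)# spanning-tree mst 2 root primary",
        "S4(config)# spanning-tree mst 1 root secondary",
    ]
    return "\n".join(lines)


def parse_vlans(spec):
    """Expand an IOS VLAN list such as '150,90' or '10-12, 97' into a set."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            low, _, high = part.partition("-")
            vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse(config_text):
    """Collect region parameters and root roles per switch."""
    switches = defaultdict(
        lambda: {"name": "", "revision": 0, "vlan_map": {}, "root": {}})
    for raw in config_text.splitlines():
        match = PROMPT.match(raw)
        if not match:
            continue
        sw, words = switches[match.group(1)], match.group(2).split()
        if not words:
            continue
        if words[0] == "name" and len(words) == 2:
            sw["name"] = words[1]
        elif words[0] == "revision" and len(words) == 2:
            sw["revision"] = int(words[1])
        elif words[0] == "instance" and len(words) >= 4 and words[2] == "vlan":
            for vlan in parse_vlans("".join(words[3:])):
                sw["vlan_map"][vlan] = int(words[1])
        elif (words[:2] == ["spanning-tree", "mst"] and len(words) == 5
              and words[3] == "root"):
            sw["root"][int(words[2])] = words[4]
    return switches


def regions(switches):
    """Group switches by (name, revision, VLAN-to-instance map)."""
    groups = defaultdict(list)
    for name, sw in switches.items():
        key = (sw["name"], sw["revision"], frozenset(sw["vlan_map"].items()))
        groups[key].append(name)
    return sorted(sorted(members) for members in groups.values())


def primary_roots(switches):
    """Map each MST instance to the switch configured as 'root primary'."""
    return {inst: name for name, sw in switches.items()
            for inst, role in sw["root"].items() if role == "primary"}


if __name__ == "__main__":
    good = parse(sample_config())
    print("regions:", regions(good), "roots:", primary_roots(good))
    # Constructed fault: S2 maps VLAN 10 instead of VLAN 100 to instance 2.
    print("regions:", regions(parse(sample_config({"S2": "10,97"}))))
```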
INTERVLAN ROUTING
Clearly, inter-VLAN traffic must be allowed, so I will use SVIs.
• The SVIs on the two multilayer switches S3 and S4 were created in step 2, during the HSRP configuration.
Task 4 -> HSRP default gateway redundancy
• I have four VLANs and each has a different subnet:
(S3) VLAN 150 -> 172.16.0.0/28
(S4) VLAN 100 -> 172.16.0.64/28
• The two distribution MLSs will take care of inter-VLAN routing, according to this scheme, which I still have to confirm:
S3 -> VLAN 150 172.16.0.0/28 (default gateway: 172.16.0.1)
S4 -> VLAN 100 172.16.0.64/28 (default gateway: 172.16.0.65)
• I now have to integrate HSRP with the SVIs, in this sense: as developed so far, the SVI that physically switches VLAN 150 traffic is on S3. If I implement HSRP for this VLAN, with S3 as active router and S4 as backup router, must I also implement the SVI for VLAN 150 on S4? It
• On the HSRP side the scheme above is respected; what is needed is:
Group 150 -> Active router S3, backup router S4
Group 100 -> Active router S4, backup router S3
• HSRP configuration:
S3(config)# interface vlan 150
// /28 mask, matching the subnets listed above
S3(config-if)# ip address 172.16.0.2 255.255.255.240
S3(config-if)# standby 150 priority 200
S3(config-if)# standby 150 ip 172.16.0.1
// (the virtual IP must belong to the same subnet as interface VLAN 150, but the two addresses must be distinct)
S3(config)# interface vlan 100
S3(config-if)# ip address 172.16.0.66 255.255.255.240
S3(config-if)# standby 100 priority 150
S3(config-if)# standby 100 ip 172.16.0.65
// S4 also needs its own address on each SVI, in the same /28 and distinct from S3's address and from the virtual IP
S4(config)# interface vlan 100
S4(config-if)# standby 100 priority 200
S4(config-if)# standby 100 ip 172.16.0.65
S4(config)# interface vlan 150
S4(config-if)# standby 150 priority 150
S4(config-if)# standby 150 ip 172.16.0.1
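An added example, not part of the original notes: a Python check of the HSRP rule stated in the comment above (the virtual IP must sit in the SVI's subnet and differ from the real address), which also verifies that both routers of a group agree on the virtual IP and reports the router expected to win the election. The sample uses the /28 subnets listed for VLANs 150 and 100; S4's own SVI addresses (.3 and .67), the finding names and the faulty variant are assumptions constructed for the example.

```python
import ipaddress
import re

PROMPT = re.compile(r"^\s*(\S+?)\s*\(config[^)]*\)\s*#\s*(.+?)\s*$")

# Constructed sample. S3's addresses, the priorities and the virtual IPs follow
# the notes; S4's own SVI addresses (.3 and .67) are assumptions.
GOOD_CONFIG = """\
S3(config)# interface vlan 150
S3(config-if)# ip address 172.16.0.2 255.255.255.240
S3(config-if)# standby 150 priority 200
S3(config-if)# standby 150 ip 172.16.0.1
S3(config)# interface vlan 100
S3(config-if)# ip address 172.16.0.66 255.255.255.240
S3(config-if)# standby 100 priority 150
S3(config-if)# standby 100 ip 172.16.0.65
S4(config)# interface vlan 100
S4(config-if)# ip address 172.16.0.67 255.255.255.240
S4(config-if)# standby 100 priority 200
S4(config-if)# standby 100 ip 172.16.0.65
S4(config)# interface vlan 150
S4(config-if)# ip address 172.16.0.3 255.255.255.240
S4(config-if)# standby 150 priority 150
S4(config-if)# standby 150 ip 172.16.0.1
"""
# Constructed fault: S4 is given the wrong virtual IP for group 150.
BAD_CONFIG = GOOD_CONFIG.replace("S4(config-if)# standby 150 ip 172.16.0.1",
                                 "S4(config-if)# standby 150 ip 172.16.0.65")


def parse(config_text):
    """Return {(switch, vlan): {"addr": IPv4Interface, "groups": {...}}}."""
    svis, current = {}, {}
    for raw in config_text.splitlines():
        match = PROMPT.match(raw)
        if not match:
            continue
        switch, words = match.group(1), match.group(2).split()
        if len(words) == 3 and words[:2] == ["interface", "vlan"]:
            current[switch] = svis.setdefault(
                (switch, int(words[2])), {"addr": None, "groups": {}})
        elif switch not in current:
            continue
        elif len(words) == 4 and words[:2] == ["ip", "address"]:
            current[switch]["addr"] = ipaddress.ip_interface(
                f"{words[2]}/{words[3]}")
        elif len(words) == 4 and words[0] == "standby" and words[1].isdigit():
            group = current[switch]["groups"].setdefault(
                int(words[1]), {"priority": 100, "vip": None})  # 100 = default
            if words[2] == "priority":
                group["priority"] = int(words[3])
            elif words[2] == "ip":
                group["vip"] = ipaddress.ip_address(words[3])
    return svis


def check(svis):
    """Return (findings, expected_active) for the parsed SVIs."""
    findings, members = [], {}
    for switch, vlan in sorted(svis):
        svi = svis[(switch, vlan)]
        for gid, group in sorted(svi["groups"].items()):
            members.setdefault(gid, []).append((group, svi, switch))
            if svi["addr"] is None or group["vip"] is None:
                findings.append((switch, gid, "MISSING_ADDRESS"))
            elif group["vip"] not in svi["addr"].network:
                findings.append((switch, gid, "VIP_OUTSIDE_SUBNET"))
            elif group["vip"] == svi["addr"].ip:
                findings.append((switch, gid, "VIP_EQUALS_REAL_IP"))
    active = {}
    for gid, routers in sorted(members.items()):
        if len({group["vip"] for group, _, _ in routers}) > 1:
            findings.append(("*", gid, "VIP_MISMATCH"))
        # Highest priority wins the election; the higher interface IP breaks ties.
        best = max(routers, key=lambda r: (
            r[0]["priority"], int(r[1]["addr"].ip) if r[1]["addr"] else 0))
        active[gid] = best[2]
    return findings, active


if __name__ == "__main__":
    print(check(parse(GOOD_CONFIG)))
    print(check(parse(BAD_CONFIG)))
```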
Task 5 -> IP SLA: Service Level Agreement
A network management tool used, for example, to verify that the network is working properly.
An SLA is an agreement between the service provider and the company that owns the network, covering the quality of service provided by the service provider and perceived by the user.
The network administrator can monitor the network and verify that the ISP is respecting the agreement, or track measurements in order to act proactively on potential network problems. IP SLA measures:
- jitter, latency, packet loss
- RTT, Round Trip Time
IP SLA configuration involves a source, which does the monitoring, and another device configured as a responder, which is "monitored".
The device acting as IP SLA source sends probes, to which the responder must respond. These probes are then used to calculate the desired measurements (jitter, RTT, packet loss, etc.).
The responder can be any IP system, but if it is a Cisco device properly configured as a responder, the measurement will be more accurate.
Before the actual measurement starts, there is an exchange of information between source and responder, referred to as the IP SLA Control Protocol (UDP port 1967).
Configuration:
- Source:
- Define the IP SLA identifier
- Define the operation and the address of the target
- Define the frequency
- Define when the measurement starts
- Define the reaction, if any
Typically, the source collects the necessary information and stores it in the MIB, which can then be read via SNMP.
In this specific case, S3 must monitor S4 and S4 must monitor S3.
Solution Plan 1: S3 monitors S4
Source -> Responder
S3 -> S4
Operation -> ICMP echo, an operation that measures the time between an echo sent by the source and the reply from any device with an IP address (in this case the responder does not have to be configured)
S3(config)# ip sla 1
S3(config-ip-sla)# icmp-echo <IP address of any interface on switch S4>
// It is as if I pinged that interface
Solution Plan 2: S4 monitors S3
Source -> Responder
S4 -> S3
S4(config)# ip sla 1
S4(config-ip-sla)# icmp-echo <IP address of any interface on switch S3>
PRIVATE VLAN
Reference: https://supportforums.cisco.com/thread/2055062.pdf
Given the scheme above, the requirement is:
• PC3, 4, 5 cannot communicate with each other, but only with PC2
• Note that:
o PC4 and PC5 belong to the same VLAN but at the same time cannot communicate with each other: this is not strange, it is correct. PVLANs should be viewed like ACLs: PC4 and PC5 have addresses in the same subnet (VLAN 150) but do not communicate with each other. The purpose of PVLANs is to isolate ports at Layer 2.
• Rules to follow when implementing PVLANs:
o I cannot use VLAN numbers 1 or 1002-1005
o when implementing PVLANs, always configure the switches in transparent mode
o I can make a VLAN a PVLAN only if the VLAN has no access ports defined.
• For the scheme above we have (ref: https://supportforums.cisco.com/message/3160548#3160548):
Planned solution
- Create a secondary VLAN for PC 3, 4, 5: PVLAN 202
- Create a primary VLAN for PC 1, so that the given requirements are met: PVLAN 201
- Access switch S1:
// Create the isolated PVLAN
Switch1(config)# vtp mode transparent
Switch1(config)# vlan 202
Switch1(config-vlan)# private-vlan isolated
// Create the primary PVLAN 100
Switch1(config)# vlan 100
Switch1(config-vlan)# private-vlan primary
// Associate primary PVLAN 100 with secondary PVLAN 202
Switch1(config-vlan)# private-vlan association 202
// Interface configuration
// Create the host ports (Doubt: must they also be placed as access ports in VLANs 100 and 150?)
Switch1(config)# interface range fastethernet 0/2 - 4
Switch1(config-if-range)# switchport mode private-vlan host
Switch1(config-if-range)# switchport private-vlan host-association 100 202
// Create the promiscuous port: this port must carry the traffic of isolated VLAN 202 (and to carry the normal traffic of VLANs 150 and 100, do I leave the port in trunk mode?)
Switch1(config)# interface fastethernet 0/1
Switch1(config-if)# switchport mode private-vlan promiscuous
Switch1(config-if)# switchport private-vlan mapping 100 202
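An added example, not part of the original notes: a Python model of the private-VLAN forwarding rules, applied to the configuration above to confirm the requirement that PC3, PC4 and PC5 reach only PC2. The PC-to-port assignment is an assumption, and the example goes one step beyond the notes by adding a constructed community VLAN 203 (PC6, PC7) to contrast it with the isolated VLAN 202.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Port:
    interface: str
    mode: str                        # "promiscuous" or "host"
    primary: int                     # primary VLAN
    secondary: int = 0               # host port: its secondary VLAN
    mapped: frozenset = frozenset()  # promiscuous port: mapped secondary VLANs


def can_forward(src, dst, vlan_types):
    """True if private-VLAN rules let a frame from src reach dst at Layer 2."""
    if src.primary != dst.primary:
        return False
    if src.mode == "promiscuous" and dst.mode == "promiscuous":
        return True
    if src.mode == "promiscuous":
        return dst.secondary in src.mapped
    if dst.mode == "promiscuous":
        return src.secondary in dst.mapped
    # Host to host: only inside one community VLAN, never inside an isolated one.
    return (src.secondary == dst.secondary
            and vlan_types.get(src.secondary) == "community")


def allowed_pairs(ports, vlan_types):
    """All ordered (source, destination) pairs that may communicate."""
    return {(a, b) for a, b in permutations(ports, 2)
            if can_forward(ports[a], ports[b], vlan_types)}


def isolated_from_each_other(hosts, pairs):
    """True if no host in the list can reach any other host in the list."""
    return not any((a, b) in pairs for a, b in permutations(hosts, 2))


# Configuration from the notes: primary VLAN 100, isolated secondary VLAN 202.
# Assumption: PC2 sits on Fa0/1 (promiscuous), PC3-PC5 on Fa0/2-4 (host ports).
VLAN_TYPES = {202: "isolated"}
PORTS = {
    "PC2": Port("Fa0/1", "promiscuous", 100, mapped=frozenset({202})),
    "PC3": Port("Fa0/2", "host", 100, secondary=202),
    "PC4": Port("Fa0/3", "host", 100, secondary=202),
    "PC5": Port("Fa0/4", "host", 100, secondary=202),
}

# Constructed contrast: a community VLAN 203 with two extra hosts, also mapped
# on the promiscuous port. Members of a community VLAN can reach each other.
COMMUNITY_TYPES = {202: "isolated", 203: "community"}
COMMUNITY_PORTS = dict(PORTS)
COMMUNITY_PORTS.update({
    "PC2": Port("Fa0/1", "promiscuous", 100, mapped=frozenset({202, 203})),
    "PC6": Port("Fa0/5", "host", 100, secondary=203),
    "PC7": Port("Fa0/6", "host", 100, secondary=203),
})


if __name__ == "__main__":
    pairs = allowed_pairs(PORTS, VLAN_TYPES)
    print(sorted(pairs))
    print("PC3/PC4/PC5 isolated:",
          isolated_from_each_other(["PC3", "PC4", "PC5"], pairs))
    print(sorted(allowed_pairs(COMMUNITY_PORTS, COMMUNITY_TYPES)))
```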
TASKS
Task are:
TASK 1 -> OSPF
swithes Among the core and distribution switches you ospf, with the following loopback interfaces configured: 3.3.3.3/24, 4.4. 4.4/24, 5.5.5.5/24, 6.6.6.6/24
TASK 2 -> EtherChannel
L3/L2 L3 EtherChannel between the two core switches, and L2 Etherchannel between the two Distribution Switches
TASK 3 -> VLAN
We have 4 vlan, run by MST, and includes:
-VLAN 150 (voice VLAN) and 90 (data VLANs) that have as Route Bridge
S3-VLAN 100 (web server) and 97 (untagged) which have the Bridge Route S4
TASK 4 -> Default Gateway Redundancy HSRP Redundancy
default-gateway: the creation of two HSRP groups, the group 150 which has the active router S4, S3 standby (default gateway for VLAN 100 to 97) and the group 100 which has the active router S3, S4 standby mode (default gateway for VLAN 150 and 90)
TASK 5 -> IP SLA
IP SLA with S3 and S4 which controls S3 S4 which controls
TASK 7 -> DHCP Server DHCP Server
for VLANs 100 and 150 there are two DHCP servers
TASK 2 -> ETEHRCHANNEL There are two types of etherchanel: a level 2 and level 3.
EtherChannel Layer 3 are usually configured when you have a multilayer switch core connected to a distribution of multilayer switches. In this secnario you can think of "putting together" multiple interfaces in order to have redundancy in the connection between the two devices and increase the available bandwidth.
L3 Etherchannel configuration:
S5 (config) # interface port-channel 1 S5 (config-if) # no switchport
/ / E 'in effect a interface layer 3, so I have an IP address asseganre S5 (config-if) # no switchport S5 (config-if) # ip address 172.0.0.1 255.255.255.0
/ / selection interface that will be part of 1 PortChannel S5 (config) # interface range fastethernet 0 / 0 to 1 S5 (config-if-range) # no switchport
/ Association / port-channel physical interface. Clearly, in order to form the 'EtherChannel must be set so that the appropriate mode (LACP or PAgP) S5 (config-if-range) # channel-group 1 mode on
S6 (config) # interface port-channel 1
S6 (config-if) # no switchport
/ / selection interface that will be part of a PortChannel
S6 (config) # interface range fastethernet 0 / 0 to 1
S6 (config-if-range) # no switchport
/ Association / port-channel physical interface. Clearly, in order to form the 'EtherChannel must be set so that the appropriate mode (LACP or PAgP)
S6 (config-if-range) # channel-group 1 mode on
L2 Etherchannel configuration :
In this case, redundancy and increased bandwidth you have level 2, or "aggregate" two level-2 interface. In general L2 can aggregate up to a maximum of eight interfaces, you can do load-balancing, have advantages in the management the STP. Port Channel to form the two possible protocols are: LACP (802.3ad) and PAgP (Cisco).
/ / Create the port-channel
S3 (config) # interface range fastethernet 0 / 3 - 4
S3 (config-if-range) # channel-group 2 mode active
/ / The port-chanel 2 I consider as a level 2 interface, and as such will support the vlan interface, the configuration mode trunk S3 (config) # interface port-channel 2
S3 (config-if) # switchport mode trunk
S3 (config-if) # switchport trunk native vlan 97
/ / The same for S4 / / Create the port-channel
S4 (config) # interface range fastethernet 0 / 3 - 4
S4 (config-if-range) # channel-group 2 mode active
/ / The port-2 chanel regard it as a level 2 interface, and as such will support the vlan interface, the configuration mode trunk S4 (config) # interface port-channel 2
S4 (config-if) # switchport mode trunk
S4 (config-if) # switchport trunk native vlan 97
1) Layer 2: SETTING TRUNK / ACCESS PORT
• Due to the presence of the vlan and the need to make them communicate with each other, I have to apply on the links of the protocols that support the creation and transmission of packets properly tagged according to the VLAN membership. • Using the protocol
802.1qe create this trunk and asked where I create the access port
TASK 3 -> MSTP
The scenario requires the use of Multiple Spanning Tree Protocol. With this protocol we create an instance of the groups and within each instance associated with one or more VLANs. Benefits MST (802.1s): if I used the 802.1q STP, there would be a stp instance for all VLANs, so the two links used by the access switch to the distribution switch, only one would be used as la'ltro in blocking mode. With Multiple Spanning Tree Protocol is said to create more such 'instances for each instance of STP and include one or more' vlan. I remember that the STP is used only to prevent loops at Layer 2. Using the Multiple Spanning Tree, you can create, for example in our case, two logical topologies in order to exploit all the available links and have no links unused.
• Put all the switches in transparent mode and on each one I create vlans 150, 90, 100, 97
S1 (config) # vtp mode transparent
S1 (config) # vlan 150
S1 (config) 90
# vlan S1 (config) # vlan 100
S1 (config) # vlan 97
S2 (config) # vtp mode transparent
S2 (config) # vlan 150
S2 (config) # vlan 90 S2 (config) # vlan 100
S2 (config) # vlan 97
S3 (config) # vtp mode transparent
S3 (config) # vlan 150 S3 (config) # vlan 90
S3 (config) # vlan 100 S3 (config) # vlan 97
S4 (config) # vtp mode transparent
S4 (config) # vlan 150
S4 (config) # vlan 90
S4 (config) # vlan 100
S4 (config) # vlan 97
• Currently there is no protocol to propagate this info (as in vtp example)
• Necessarily then you must configure MST on each switch. The steps are: 1
. Enabling MST on switches:
S1 (config) # spanning-tree mode mst
S2 (config) # spanning-tree mode mst
S3 (config) # spanning-tree mode mst
S4 (config) # spanning-tree mode mst
2. Enter config mode in MST:
S (config) # spanning-tree mst configuration
S1 (config) # spanning-tree mst configuration
S2 (config) # spanning-tree mst configuration
S3 (config) # spanning-tree mst configuration
S4 (config) # spanning-tree mst configuration
3. Give the name of the MST region:
S (config-mst) # name name
S1 (config-mst) # name Lab
S2 (config-mst) # name Lab
S3 (config-mst) # name Lab
S4 (config-mst) # name Lab
4. Assign a configuration number to the MST region:
S (config-mst) # revision version
S1 (config-mst) # revision 1
S2 (config-mst) # revision 1
S3 (config-mst) # revision 1
S4 (config-mst) # revision 1
5. VLAN and instance mapping. In our case vlan 150, instance 1 vlan 90 with 100, 97 with 2 instance
S1 (config-mst) # instance 1 vlan 150, 90
S1 (config-mst) # instance 2 van 10, 97
S2 ( config-mst) # instance 1 vlan 150, 90
S2 (config-mst) # instance 2 van 10, 97
S3 (config-mst) # instance 1 vlan 150, 90
S3 (config-mst) # instance 2 van 10, 97
S4config-mst) # instance 1 vlan 150, 90
S4config-mst) # instance 2 van 10, 97
6. Select I root for the various departments, in this case because the request was to have as a root for vlan 150 S3 and S4 as 90 and root for vlan 10, 97:
S (config) # spanning-tree mst instance- id root primary
S3 (config) # spanning-tree mst 1 root primary
S3 (config) # spanning-tree mst 2 root secondary
S4 (config) # spanning-tree mst 2 root primary
S4 (config) # spanning-tree mst 1 root secondary
This way I get two logical topologies in 2 completely different.
INTERVLAN ROUTING
E 'clear intervlan this transmission should be allowed and then I will use the SVI.
• Using SVI, the two multilayer switches S3 and S4 has been made in step 2 during the configuration of 'HSRP.
Task 4 -> HSRP default gateway redundancy-
• I have four VLANs and each have a different subnet:
(S3) vlan 150 -> 172.16.0.0 / 28
( S4) vlan 100 -> 172.16.0.64 / 28
• The two mls distribution will take care of routing intervlan. I apply development, according to this scheme that I have to confirm it is true or not:
S3 -> 172.16.0.0 VLAN 150 / 28 (default gateway: 172.16.0.1)
S4 -> VLAN 100 172.16.0.64 / 28 (default gateway: 172.16.0.65)
• Thinking that I should now I HSRP integrate with SVI in the sense that: as has been developed until now that I physically siwtchare SVI for VLAN 150 traffic is on S3. If I implement HSRP and VLAN index for this, S3 as "Active Router and S4 as backup router must implement SVI for vlan 150 featured in s4? It
• Side HSRP diagram above is respected, that you need:
Group 150 -> Active Router S3, S4
Group Backup router 100 -> Active Router S4, S3
• HSRP configuration
S3(config)# interface vlan 150
// /28 mask, as in the addressing plan above; with a /24 mask the two SVIs would overlap
S3(config-if)# ip address 172.16.0.2 255.255.255.240
S3(config-if)# standby 150 priority 200
S3(config-if)# standby 150 ip 172.16.0.1
// (the virtual IP must belong to the same subnet as the virtual interface "150", but the two addresses must be distinct)
S3(config)# interface vlan 100
S3(config-if)# ip address 172.16.0.66 255.255.255.240
// S3 is the backup router for group 100, so its priority is lower than S4's
S3(config-if)# standby 100 priority 150
S3(config-if)# standby 100 ip 172.16.0.65
S4(config)# interface vlan 100
S4(config-if)# standby 100 priority 200
S4(config-if)# standby 100 ip 172.16.0.65
S4(config)# interface vlan 150
S4(config-if)# standby 150 priority 150
S4(config-if)# standby 150 ip 172.16.0.1
Task 5 -> IP SLA: Service Level Agreement
IP SLA is a network management tool used, for example, to verify that the network is working properly.
An SLA is an agreement between the service provider and the company that owns the network on the quality of service delivered by the provider and perceived by the user.
The network administrator can monitor the network and verify that the ISP respects the agreement, or use the measurements to intervene proactively on potential network problems. IP SLA measures:
- jitter, latency, packet loss
- RTT, Round Trip Time
IP SLA configuration involves a source that does the monitoring and another device configured as a responder, which is "monitored".
The device that acts as IP SLA source sends probes, to which the responder must reply. These probes are then used to calculate the desired measures (jitter, RTT, packet loss etc.).
The responder can be any IP system, but if it is a Cisco device properly configured as a responder, the measurement will be more accurate.
Before the actual measurement starts, source and responder exchange information through the IP SLA Control Protocol (UDP port 1967).
Configurations:
- Source:
- Define the IP SLA identifier
- Define the operation and the address of the target
- Define the frequency
- Define when the measurement starts
- Define any reaction
Typically, the source collects the necessary information and stores it in the MIB, which can then be read via SNMP.
In this specific case S3 must monitor S4, and S4 must monitor S3.
Solution plan 1: S3 monitors S4
Source -> Responder
S3 -> S4
Operation -> icmp echo, an operation that measures the time between an echo request sent by the source and the reply from any device with an IP address (in this case the responder does not have to be configured)
S3(config)# ip sla 1
S3(config-ip-sla)# icmp-echo "ip address of any interface of the switch S4"
// It is as if I pinged the interface
Solution plan 2: S4 monitors S3
S4(config)# ip sla 1
S4(config-ip-sla)# icmp-echo "ip address of any interface of the switch S3"
PRIVATE VLAN
Reference: https://supportforums.cisco.com/thread/2055062.pdf
Given the scheme above, the requirement is:
• PC3, PC4 and PC5 cannot communicate with each other, only with PC2
• Note:
o PC4 and PC5 belong to the same VLAN but at the same time cannot communicate with each other: this is not strange, it is correct. A PVLAN should be seen like an ACL: PC4 and PC5 are addressed in the same subnet (VLAN 150) but do not communicate with each other, because PVLANs aim to isolate ports at Layer 2.
• Rules to follow when implementing PVLANs:
o I cannot use VLAN numbers 1 or 1002-1005
o when implementing PVLANs, always configure the switches in VTP transparent mode
o I can make a VLAN a PVLAN only if the VLAN has no access ports defined.
• For the scheme above we have (ref: https://supportforums.cisco.com/message/3160548#3160548):
Planned solution:
- Create a secondary VLAN for PC3, PC4 and PC5: PVLAN 202
- Create a primary VLAN for PC 1, so that I meet the given requirements: PVLAN 201
- Access switch S1:
// Create the isolated PVLAN
Switch1(config)#vtp mode transparent
Switch1(config)#vlan 202
Switch1(config-vlan)#private-vlan isolated
Switch1(config)#vtp mode transparent
Switch1(config)#vlan 100
Switch1(config-vlan)#private-vlan primary
// Associate primary PVLAN 100 with secondary PVLAN 202
Switch1(config-vlan)#private-vlan association 202
// Interface configuration
// Create the host ports (doubt: must they also be placed as access ports in VLANs 100 and 150?)
Switch1(config)#interface range fastethernet 0/2 - 4
Switch1(config-if-range)#switchport mode private-vlan host
Switch1(config-if-range)#switchport private-vlan host-association 100 202
// Create the promiscuous port: this port must carry the traffic of isolated VLAN 202 (and to carry the normal traffic of VLANs 150 and 100? Do I leave the port in trunk mode?)
Switch1(config)#interface fastethernet 0/1
Switch1(config-if)#switchport mode private-vlan promiscuous
Switch1(config-if)#switchport private-vlan mapping 100 202
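Added example (not part of the original notes): a Python check that parses a PVLAN configuration like the one above and computes which ports may exchange frames, so the isolation requirement can be verified before deployment. The running-config layout, the full interface names and the function names are assumptions; it also handles community VLANs, which the notes do not use.

```python
# Constructed running-config excerpt mirroring the plan above (primary VLAN 100,
# isolated secondary VLAN 202); the layout is an assumption, not device output.
SAMPLE_CONFIG = """\
vlan 202
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 202
interface FastEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 202
interface FastEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 202
interface FastEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 202
interface FastEthernet0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 202
"""

def parse(config):
    """Return (vlan_types, ports) parsed from running-config style text."""
    vlan_types, ports, section = {}, {}, ("", "")
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):                 # new top-level section
            section = (words[0], words[-1])
            if words[0] == "interface":
                ports[words[-1]] = {"mode": None, "primary": None, "secondary": set()}
        elif section[0] == "vlan" and words[0] == "private-vlan" and len(words) == 2:
            vlan_types[int(section[1])] = words[1]   # primary / isolated / community
        elif section[0] == "interface" and words[:3] == ["switchport", "mode", "private-vlan"]:
            ports[section[1]]["mode"] = words[3]
        elif section[0] == "interface" and words[:2] == ["switchport", "private-vlan"]:
            port = ports[section[1]]                 # host-association or mapping
            port["primary"] = int(words[3])
            port["secondary"] = {int(v) for w in words[4:] for v in w.split(",") if v.isdigit()}
    return vlan_types, ports

def can_talk(a, b, vlan_types, ports):
    """Layer-2 reachability between two PVLAN ports of the same switch."""
    pa, pb = ports[a], ports[b]
    if pa["primary"] is None or pa["primary"] != pb["primary"]:
        return False                                 # not in the same PVLAN domain
    modes = {pa["mode"], pb["mode"]}
    if modes == {"promiscuous"}:
        return True
    if "promiscuous" in modes:                       # host <-> promiscuous
        host, prom = (pa, pb) if pb["mode"] == "promiscuous" else (pb, pa)
        return bool(host["secondary"]) and host["secondary"] <= prom["secondary"]
    sec = pa["secondary"]                            # host <-> host
    return bool(sec) and sec == pb["secondary"] and all(
        vlan_types.get(v) == "community" for v in sec)

def allowed_pairs(config):
    """Unordered port pairs that may exchange frames under the parsed config."""
    vlan_types, ports = parse(config)
    names = sorted(ports)
    return {(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if can_talk(a, b, vlan_types, ports)}
```

Calling allowed_pairs(SAMPLE_CONFIG) returns only the three host-to-promiscuous pairs; any host-to-host pair in the result means the secondary VLAN is not isolated.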
Monday, November 29, 2010
Upgrade IOS TCL
http://www.areanetworking.it/ios-upgrade-su-cisco-router-2520.html
Copy from the Router to the Server
Router # copy flash tftp
Copy from the Server to the Router
Router # copy tftp flash
Basic - Command
Finding a string in Ubuntu: grep -i -n 'ip 10.130.51' *
Run the search from the folder containing the file or files expected to contain the string.
Show a string on the output
-> puts Hello
-> puts "Hello World"
Set value of a variable
-> set a 3
-> set a apple
-> puts [set a 2]
INSERT COMMENT
-> #This is a comment
COMPUTE MATHEMATICAL EXPRESSION
-> expr 2+4+5
CREATE PROCEDURE
-> proc + {a b} {expr $a+$b}
Explanation-> The procedure is called "+", it takes two input arguments "a" and "b", and every time it is called it executes the code: "expr $a+$b"
Example-> + 3 4 returns 7
IF
-> proc abs x {
if {$x > 0} { return $x } else {
expr -$x } }
Example of use
puts [abs 10]
IF ELSE
-> set max [if {$a > $b} {expr $a} {expr $b}]
-> if {$a > 0} {
set x "It's positive" } elseif {$a < 0} {set x "It's negative"} else {set x "It's zero"}
FOR LOOP
for {set n 1} {$n <= 3} {incr n 1} { ping 172.16.0.2 }
TCL scripts for Cisco Router (GNS3 Simulated)
CREATE SCRIPT
In order to run a script, the guideline is:
1) Create the script using a text editor and save it with a name (e.g. showint)
COPY THE SCRIPT INTO THE ROUTER
2) Save the script into the flash of the router (create the script on a server and then copy it from the server to the router)
EXECUTE THE SCRIPT
First Option -> s#tclsh showint
Second Option ->
s#tclsh //enters TCL configuration mode
s(tcl)#source showint
BASIC
-> The exec and ios_config commands are used in Tcl scripts executed with the tclsh command.
Simple TCL Ping Script
####################################################
Sample script that runs a ping command against several addresses with a single command. To access the Tcl command line on a Cisco router, enter the "tclsh" command.
R0#tclsh
R0(tcl)#foreach address {
+>(tcl)#1.1.1.1
+>(tcl)#2.2.2.2
+>(tcl)#3.3.3.3
+>(tcl)#4.4.4.4
+>(tcl)#5.5.5.5
+>(tcl)#6.6.6.6
+>(tcl)#} { puts [ exec "ping $address" ] }
####################################################
Automatically create loopback interfaces
####################################################
The command should be:
Router#conf t
Router(config)#interface loopback 1
Router(config-if)#ip address 1.1.1.1 255.255.255.0
By using a Tcl script, we can have:
R#tclsh
R(tcl)#foreach {number address} {
1 3.3.4.1
2 3.3.4.2
3 3.3.4.3
4 3.3.4.4
5 3.3.4.5
} { puts [ ios_config "interface Loopback$number" "ip address $address 255.255.255.255" ] }
####################################################
Set Hostname
####################################################
Router(tcl)#puts [ios_config "hostname R1"]
####################################################
Default Tcl commands on the devices
- Change the router's configuration -> ios_config
- Display interfaces, for example:
Router(tcl)# exec "show interfaces"
Load a script from a server
The scenario is as follows: the script, saved as showint.tcl, is located on the TFTP server on my computer.
I load the script into the router's flash
and then I use it:
Reference:
http://www.anyweb.co.nz/tutorial/tclintro
Use TCL procedures
1) Save a .tcl file on an FTP server. Here is the contents of the file:
proc hello {} {puts "Hello World"}
2) I copy the file from the server to flash
3) At this point I run these steps on the router:
r(tcl)#hello
Hello World
Wednesday, November 10, 2010
Cloud Computing
Brief mention of data center virtualization, the basis of cloud computing: http://www.cisco.com/en/US/docs/switches/datacenter/nexus2000/sw/configuration/guide/Cisco_Nexus_2000_Series_Fabric_Extender_Software_Configuration_Guide_Release_4_2_chapter2.html#concept_090B6DECCB594BC7AE8368433FFB3B3B
Concepts:
1) Ethernet over Fibre Channel
2) Nexus 2000, 5000
Tuesday, July 20, 2010
Friday, July 9, 2010
libero.it, when the gag makes sense
NB: I am not linking any of the articles that follow, may I be struck blind
Every day I visit libero.it to check my email and, every day, I note that the site is a treasure trove of answers to questions never asked. Never consciously asked, that is ... because, you know, the unconscious has a life of its own.
Today for example many of my curiosity was not satisfied, what is the most gieffina beautiful? How much is beauty? There is a comfort to suit all budgets? Marika decided that Hiss, stripped or not?
These are some of the news in homepage. I click and read all the available bare ass, before describing in ' Woman'. Consciously
troverocci nemmanco know it's not a line that speaks of women, but the unconscious, you know ... So I
shows the home:
1) Sex and fool: the bon-ton bed
2) All tricks to learn to dress well - that is to learn how to look slimmer
3) very close Secrets: all about the vagina, the pH to chlamydia, the G-spot measures (internal)
4) All smooth there too. Waxing total
and finally, if you are not able to put into practice what is contained in the proposed articles:
5) Help to divorce
But that's not all. Being a woman, in fact, is not just the body. No. In fact being a woman includes a thousand facets that the libero site seeks, generously, to highlight them all.
Jump to ' UnoDueTrend ':
1) A cut in less immediately
2) new costume?
3) Mask small flaws
4) Wear the right bra? Do not tell me-noooo! -
5) Looking for a plastic surgeon?
But that's not all. Being a woman, in fact, is not just the body. No. In fact being a woman includes thousands and thousands of facets that the libero site seeks, generously, to highlight them all.
Jump to ' Lifestyle ':
1) dear, I have better : yes, women are more attractive, live longer, healthier, more studious, more resilient, more communication, better at keeping the place , eating more balanced, more organized than men! - Tie!
2) bullying, we can recognize and neutralize -how? Reading the book of Luke Stanchieri!
3) suspicious in their thirties looking for love, creche Prince Charming but are only bastards
4) fitting a playboy, all straight;)
5) women, attentive to the toad: How to tell if he is really Prince Charming.
But not all. Being a woman, in fact, not merely its existence grueling research IMO. No. In fact being a woman includes thousands and thousands of facets that the free site search, generously, to highlight all.
We come to the section 'A seat at the table ':
1) Sugar-free Sweets
2) Fruit drink, it's time to purify
3) Both in taste calorie
4) Diet flat belly
5) the menu of the fan: how to feed friends and family without being stained, the sofa
But that's not all. Being a woman, in fact, is not only home and body. No. In fact being a woman includes thousands and thousands of facets that the libero site seeks, generously, to highlight them all.
We come to the section 'Under the sheets':
1) Gentlemen Prefer foreign
2) From a clumsy lover: how to give a hand to your bed that he can do no
3) Gay married but
4) I Shrunk the penis
5) Viagra generation
But not all. Being a woman, in fact, does not disappear in nothing when it comes to sex, no. Being a woman, in fact, does not negate her sexuality in that of others, no. Being a woman, in fact, miraculously returns to the forefront when it comes to the section ' CasaNova ':
1) green cleaning, clean with baking soda
2) Sos domestic workers: your home pass the test to be cleaned?
3) Microbes in the shower ???!??
4) When cleaning is chic: beautiful brooms and shovels
5) Sitting with class: the new chairs to admire
That is all.