Posts

Showing posts from 2014

Convert CRT to PFX extension

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
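The one-liner above bundles only the leaf certificate. If the CA that signed domain.name.crt is not already trusted by the clients, the PFX also needs the intermediate chain (-certfile), and it is worth confirming that the key inside the bundle actually matches the certificate before loading it on a server. The script below is an added example, not a command from the original post: it builds a throwaway CA and leaf with placeholder names so it runs offline, exports them into a PFX with the chain, and reads the bundle back to check it. Only the file and password names are assumptions; the openssl options are standard.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a PFX that also carries
# the issuing chain, then verifies the bundle can be read back and that the
# private key matches the leaf certificate. The "Demo CA" and domain.name
# material is constructed here so the script runs offline.
set -eu

# make_pfx KEY CERT CHAIN OUT PASSWORD
# -certfile adds the intermediate/CA chain; without it the PFX carries only
# the leaf and servers importing it present an incomplete chain to clients.
make_pfx() {
    key=$1; cert=$2; chain=$3; out=$4; pass=$5
    openssl pkcs12 -export \
        -inkey "$key" -in "$cert" -certfile "$chain" \
        -name "domain.name" \
        -out "$out" -passout "pass:$pass"
}

# verify_pfx PFX PASSWORD -> 0 if the bundle opens and the private key's
# public half equals the leaf certificate's public key, 1 otherwise.
verify_pfx() {
    pfx=$1; pass=$2
    cert_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null \
               | openssl x509 -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes 2>/dev/null \
              | openssl pkey -pubout 2>/dev/null || true)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# count_certs PFX PASSWORD -> number of certificates in the bundle
# (leaf plus every chain certificate added with -certfile).
count_certs() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# make_demo_material DIR: constructed test material, a self-signed "Demo CA"
# and a leaf certificate for domain.name that it signs.
make_demo_material() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj '/CN=domain.name' \
        -keyout "$dir/domain.name.key" -out "$dir/domain.name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/domain.name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/domain.name.crt" 2>/dev/null
}

# demo: end-to-end run in a temporary directory.
demo() {
    dir=$(mktemp -d)
    make_demo_material "$dir"
    make_pfx "$dir/domain.name.key" "$dir/domain.name.crt" "$dir/ca.crt" \
             "$dir/domain.name.pfx" 'export-pass'
    verify_pfx "$dir/domain.name.pfx" 'export-pass' && echo "key matches certificate"
    echo "certificates in bundle: $(count_certs "$dir/domain.name.pfx" 'export-pass')"
    rm -rf "$dir"
}
```

For a real export, replace the constructed files with your own key, certificate and the chain file your CA supplied, and keep the export password out of shell history (for example with -passout file:...) rather than typing it inline as the demo does.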

HP Procurve Basic Config

Reset switch to factory defaults

If I’m not using a brand new switch, I normally like to reset it back to factory defaults before doing anything. Use a pointy object (like a paper clip) and press the “Reset” and “Clear” buttons on the front of the switch at the same time. Release the “Reset” button. When the “Self Test” LED starts to blink, release the “Clear” button too. The switch now runs its self-test routines; after that it should be back on factory defaults.

IP address

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# vlan 1
HP ProCurve Switch 2524(vlan-1)# ip address 10.0.0.1 255.255.255.0
HP ProCurve Switch 2524(vlan-1)# wr mem
HP ProCurve Switch 2524(vlan-1)# exit
HP ProCurve Switch 2524(config)# exit
HP ProCurve Switch 2524#

Configure VLANs

HP ProCurve Switch 2524# configure
HP ProCurve Switch 2524(config)# vlan 1
HP ProCurve Switch 2524(vlan-1)# name "Default"
HP ProCurve Switch 2524(vlan-1)# untag 2-6
HP ProCurve Switch 2524(vlan-1)# vlan 1

HP Procurve CLI !!!

HP ProCurve CLI CheatSheet

LOG
log                         Display log events (most recent last)
log -r                      Display log events (most recent first)
log A12                     Display log events for port A12
log A12 -r                  Display log events for port A12 (most recent first)
log 192.168.0.1             Display log events for 192.168.0.1

MAC
show mac A5                 Show the MAC address of the device on port A5
show mac A4-A6              Show the MAC addresses of the devices on ports A4 to A6
show mac 00112233-445566    Show which port the device with MAC address 00112233-445566 is connected to

VLAN
show vlan                   Show information about the VLANs on this switch
show vlan ports A19         Show VLAN ID and status of a specific port (A19)
show vlan <vlan-id>         Show the ports on this VLAN and their port status
configure                   Enter configuration mode
vlan 19                     Enter the context of VLAN 19
name SupportVLAN            Name this VLAN “SupportVLAN”
tag A12                     Set port A12 as tagged on VLAN 19 (first do vlan 19)
tag A12,A13                 Set ports A12 and A13 as tagged on VLAN 19 (first do vlan 19)

HP--Cisco Switch Configuration !!!!!!!

Problem

When I first started in IT, I went and did my Cisco CCNA. So I learned that to connect Cisco switches and pass VLAN traffic between them, I needed to create a 'Trunk' to pass the VLAN traffic. Fast forward a few years, and I now work for an HP reseller. Very early on I came to realise that what HP called a 'trunk' was very different from what I had been taught: on HP ProCurve a 'trunk' is an aggregation of several physical ports into one logical link, not a tagged VLAN link. Below is an article I did a while ago about setting up HP Trunks.

HP Networking 'ProCurve' - Trunking / Aggregating Ports

I was in some HP/Wireless training last week and once again I was struggling with their terminology, so today I lined up a bunch of switches on the test bench and worked out the differences. Below you will find the following scenarios:

Scenario 1: Configuring Cisco Catalyst Switches with VLANs.
Scenario 2: Configuring HP Switches with VLANs.
Scenario 3: Setting up HP Switches with Trunked VLANs.
Scenario 4: Setup VLANs via HP Trunks and Cisco Port Chann

Switch Important Link

http://www.certprepare.com/vlan-access-map

Configure VLAN access control list...

What is a VLAN Access Control List (VACL) used for?

A VLAN Access Control List (VACL) can be used to filter traffic within the same VLAN. A router ACL on the VLAN interface cannot do this, because traffic between two hosts in the same VLAN is switched and never reaches the Layer 3 interface.

Scenario

Suppose a host is connected to VLAN 2 and we are required to drop all telnet traffic within VLAN 2.

Configuration

Make an access list to match telnet traffic. Note that "permit" in this ACL only means "match"; whether matched traffic is dropped or forwarded is decided by the access-map action below.

Router(config)#access-list 101 permit tcp any any eq telnet

Create the VACL using the above ACL. Drop telnet traffic and forward all other traffic. The second sequence (20) with "action forward" is required: a VACL ends with an implicit deny, so without it every packet that is not telnet would be dropped as well.

Router(config)#vlan access-map VACL_ACL 10
Router(config-access-map)#match ip address 101
Router(config-access-map)#action drop
Router(config-access-map)#exit
Router(config)#vlan access-map VACL_ACL 20
Router(config-access-map)#action forward
Router(config-access-map)#exit
Router(config)#

Apply the VACL to VLAN 2.

Router(config)#vlan filter VACL_ACL vlan-list 2

That's it for the configuration. If everything is configured properly, telnet traffic should be dropped within VLAN 2.

Configure 3G Modem on Fortigate

config system modem
    set status enable
end

diagnose sys modem wireless-id

You should get something like this:

vendor: 0x12d1, product: 0x1003, registered: yes

set status enable
set pin-init ''
set network-init ''
set lockdown-lac ''
set mode standalone
set dial-on-demand enable
set idle-timer 5
set redial none
set holddown-timer 60
set connect-timeout 90
set wireless-port 0
set phone1 "#777"
set username1 "internet"
set passwd1 ****
set extra-init1 ''
set peer-modem1 generic
set ppp-echo-request1 enable
set authtype1 pap chap mschap mschapv2

execute modem dial

If you are using the web interface of your FortiGate device, once you enable the modem interface you will get a Modem option under System > Network in the left-hand menu. You can set some of the options there too, such as the phone number or the Extra Initialization String. Also

Antispoofing on Fortigate

With the RPF (Reverse Path Forwarding) function the firewall checks whether a packet arrived on the interface through which the firewall would route back to the packet's source address; a packet that fails this check is treated as having a spoofed source. For example, in a DMZ network a packet that comes in on the dmz interface of the firewall with a source IP from the internal network is spoofed, and the firewall should not allow it.

RPF is enabled by default and cannot be disabled, but it can be set to loose or strict. Strict RPF is disabled by default. In loose mode the check passes as long as some route to the source address exists through the incoming interface; it does not look for the best match. In strict mode the firewall looks up the best-match route to the source address in the Forwarding Information Base (FIB) and accepts the packet only if it arrived on that route's interface. For more info see RFC 3704.

Used Version: v4.0,build0521,120313 (MR3 Patch 6)

firewall (root) # show full-configuration system settings
config system settings
    set comments ''
    set opmode nat
    set bfd disable
    set utf8-spam-tagging enable
    set wccp-cache-engine disable
    unset vpn-stats-log
    set vpn-stats-period 0
    set

HP VLAN CONFIGURATION

HP 10500 Switch Series - VLAN Configuration Examples

VLAN interface configuration example
Port-based VLAN configuration example
MAC-based VLAN configuration example
Protocol-based VLAN configuration example
IP subnet-based VLAN configuration example

VLAN interface configuration example

Network requirements (as shown in the figure Network diagram for VLAN interface configuration): PC A is assigned to VLAN 5 and PC B is assigned to VLAN 10. The PCs belong to different IP subnets and cannot communicate with each other. Configure VLAN interfaces on Switch A and configure the PCs to enable Layer 3 communication between the PCs.

Figure 1: Network diagram for VLAN interface configuration

Configuration procedure

Configure Switch A.

# Create VLAN 5 and assign GigabitEthernet 1/0/1 to it.
<SwitchA> system-view
[SwitchA] vlan 5
[SwitchA-vla

Why to use MULTIPLE NAME SERVERS...

Multiple Name Servers: As described in the previous tutorial on DNS, two to seven name servers can be registered against a domain name. These are DNS servers that contain information on where to find services (such as www or email) for a particular domain name.

There are two main reasons for providing more than one DNS server for each domain. The first is to provide protection against a DNS server going down: if a DNS server failed for any reason (e.g. power outage, communication failure, etc.) the domains using this DNS server would be unreachable, since the IP addresses for these domains could not be retrieved. Having two or more (which should be geographically and topologically separate) means that if a request to one of them fails, another name server can be queried. The name servers are queried and, in normal circumstances, information from any of the DNS servers is used (they normally contain the same information). The chances of two DNS servers going
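The redundancy argument above assumes the registered name servers all hold the same information. That is not automatic: a secondary whose zone transfers have stopped keeps answering, authoritatively, with stale data, and clients that happen to hit it get the wrong answers. The script below is an added example, not part of the original tutorial. It compares the SOA serial returned by each NS for a domain; the names and serials in the constructed sample are placeholders, and the live query helper assumes dig is installed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Checks that every name
# server registered for a domain reports the same SOA serial, i.e. that the
# servers really do carry "the same information".

# serials_agree: reads "server serial" lines on stdin, prints a one-line
# verdict and returns 0 when every serial matches, 1 when they differ or when
# fewer than two servers answered. A server that did not answer is recorded
# as NOANSWER by collect_serials and therefore counts as a disagreement.
serials_agree() {
    awk '
        NF == 2 { seen[$2]++; n++ }
        END {
            if (n < 2) { print "fewer than two servers answered"; exit 1 }
            k = 0; for (s in seen) k++
            if (k == 1) { print "all " n " servers agree"; exit 0 }
            print k " different serials across " n " servers"; exit 1
        }'
}

# collect_serials DOMAIN -> "server serial" lines, one per NS record.
# Each server is asked directly with recursion disabled (+norecurse) so a
# cached answer from a resolver is never mistaken for an authoritative one.
# Needs dig and network access; the constructed samples below are used
# instead when running offline.
collect_serials() {
    domain=$1
    for ns in $(dig +short NS "$domain"); do
        serial=$(dig +short +norecurse @"$ns" SOA "$domain" | awk '{print $3}')
        printf '%s %s\n' "$ns" "${serial:-NOANSWER}"
    done
}

# check_domain DOMAIN: live check, combining the two helpers above.
check_domain() {
    collect_serials "$1" | serials_agree
}

# Constructed sample output, in the format collect_serials prints.
SAMPLE_OK='ns1.example.net. 2014031501
ns2.example.net. 2014031501
ns3.example.net. 2014031501'

# Same zone, but ns3 stopped receiving zone transfers a week ago.
SAMPLE_STALE='ns1.example.net. 2014031501
ns2.example.net. 2014031501
ns3.example.net. 2014030901'

# check_sample SAMPLE: run the comparison over a constructed sample.
check_sample() {
    printf '%s\n' "$1" | serials_agree
}
```

Run check_domain against a real zone from a cron job and alert on a non-zero exit; a serial that lags the primary for longer than the zone's refresh interval is the usual first sign of a broken secondary.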

Disclosure Vulnerability in OpenSSL

An information disclosure vulnerability has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This vulnerability may allow an attacker to access sensitive information from memory by sending specially-crafted TLS heartbeat requests.

Impact

Under certain circumstances, exploitation of this vulnerability can result in the disclosure of sensitive information.

=========================================================================

Solutions

A firmware update for FortiOS is available at http://support.fortinet.com . This vulnerability is fixed in FortiOS version 5.0.7. Firmware updates for FortiAuthenticator, FortiMail and FortiRecorder will be available on Friday April 11th. Firmware release dates for other products are pending.

The following workarounds are available:

1. Apply the mitigating IPS signature to interface policies on affected FortiGate devices. The IPS signature was released in IPS update 4.476 and is named "OpenSSL.TLS.Heartbea
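The advisory gives the affected range as 1.0.1 through 1.0.1f. A first triage step on any host or appliance with a shell is to classify the string that "openssl version" prints against that range, which the added example below does; it is not part of the advisory. The version strings used to exercise it are constructed samples. One caveat that is an assumption about your environment rather than a statement from the advisory: several Linux distributions backport security fixes without changing the upstream version letter, so a string inside the range means "check the package changelog", not "confirmed exposed", and a string outside it says nothing about other OpenSSL copies statically linked into appliances or applications.

```shell
#!/bin/sh
# Added example, not from the advisory. Classifies an "openssl version"
# string against the affected range stated in the advisory (1.0.1 to 1.0.1f).
# Anything outside that range is reported as not affected by this check.

# heartbeat_affected STRING -> 0 if the version is 1.0.1 through 1.0.1f,
# 1 otherwise. STRING is the full "openssl version" output, e.g.
# "OpenSSL 1.0.1e 11 Feb 2013"; only the second field is examined.
heartbeat_affected() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$ver" ] || return 1
    # Numeric base ("1.0.1") and whatever follows it ("f", "-fips", "f-fips", "").
    base=$(printf '%s' "$ver" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    rest=${ver#"$base"}
    [ "$base" = "1.0.1" ] || return 1
    case "$rest" in
        ''|-*|[a-f]|[a-f]-*) return 0 ;;   # 1.0.1 plain, or letters a to f
        *)                   return 1 ;;   # 1.0.1g and later
    esac
}

# affected_verdict STRING -> "affected" or "not affected"
affected_verdict() {
    if heartbeat_affected "$1"; then echo "affected"; else echo "not affected"; fi
}

# check_local_openssl -> verdict for the openssl binary on PATH
check_local_openssl() {
    affected_verdict "$(openssl version)"
}
```

On an appliance that exposes no shell, the same question is answered by the vendor's advisory, as above, rather than by a version string.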

Radware Session And Dispatch Method

Dispatch Method

The method used to determine to which server traffic is directed:

Cyclic: Directs traffic to each operational server one by one (round robin).

Weighted Cyclic: This method uses the Weighted Round Robin algorithm. AppDirector distributes clients’ requests for service in round robin manner, taking into consideration the weight of the servers in that farm. Explicitly, every new session is distributed to the next server up to the server weight. For example, if one server has a weight of 2 and another server has wei