Configuring ports in Cisco switches

For the test I will configure ports on Cisco Catalyst 6509-E.

I’ll give an example of setting Access of the port (the traffic goes only over one specified vlan without a tag):

interface GigabitEthernet1/1
description TEXT
switchport
switchport access vlan 226
switchport mode access
no shutdown

Now I’ll give an example of setting Trunk of the port (traffic goes through one or several vlan with a tag only):

interface GigabitEthernet1/2
description TEXT
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 207,228
switchport mode trunk
no shutdown

And the third option, Hybrid port (traffic goes only on one vlan without a tag and on one or several vlan with a tag):

interface GigabitEthernet1/3
description TEXT
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 226
switchport trunk allowed vlan 207,226
switchport mode trunk
no shutdown

To specify parameters for several ports at once:

interface range GigabitEthernet1/1-24

We prohibit automatic switching of the port to access or trunk mode:

interface range GigabitEthernet1/1-24
switchport nonegotiate
exit

See also my article – Configuring link aggregation on the Cisco Catalyst 6500

Script backup configuration DOCSIS ARRIS Cadant C3 CMTS

Actually, this is my script:

#!/bin/bash
# Backup DOCSIS CADANTS config
(
sleep 5
echo "user"
sleep 5
echo "password"
sleep 5
echo "enable"
sleep 2
echo "password"
sleep 2
echo "copy startup-configuration tftp://192.168.0.1/cadant1.xml"
sleep 5
echo "exit"
) | telnet 192.168.0.50
mv /srv/tftp/cadant1.xml /backups/devices/docsis/`date +%Y-%m-%d`_cadant1.xml

Where 192.168.0.50 – cadant, 192.168.0.1 – tftp server.

You can add the script to /etc/crontab for automatic execution (for example, every day at one in the morning):

0 1 * * * root /path/to/script/backup_cadants.sh > /dev/null 2>&1

Blocking third-party DHCP on Cisco via DHCP Snooping

On the test, I configure DHCP Snooping on the Cisco Catalyst 6509-E to block third-party DHCP servers, on the other Cisco switches, the configuration is basically the same.

After connecting to the device immediately go to the configuration mode:

enable
configure

Continue reading “Blocking third-party DHCP on Cisco via DHCP Snooping”

How to catch broadcast flooding on MikroTik devices

It took somehow in one network to determine where the jumps of broadcast traffic are coming from, because of which the CPU usage was increasing on devices and there were interruptions with the Internet.
The network equipment was used from MikroTik.

Having connected to MikroTik with the following command, let’s look at the traffic statistics on ports, namely the broadcast traffic “Rx Broadcast” coming to the port, since this is the packet counter, then the figure should grow if the flood comes, if it does not change, then all is well:

interface ethernet print stats interval=1

Here is an example of viewing the statistics of a specific port (where ether2 is the name of the interface, it may be different depending on how it was called in the configuration):

interface ethernet print stats from ether2 interval=1

See the list of ports/interfaces with the command:

interface print

In this way, by the chain we will reach the final port from which there is a broadcast flood and, if necessary, turn it off by the command (where NUMBER is the number of the port in order in the table which can be viewed by the command above):

interface disable NUMBER

To enable the port:

interface enable NUMBER

Via WEB or Winbox, you can see the statistics by opening the Interfaces menu on the left and in the Interface tab, let’s look at each interface.

Example of resetting port statistics:

interface ethernet reset-counters ether2
interface ethernet reset-counters ether2,ether3,ether4,ether5

On CRS models MikroTik, you can enable broadcast traffic control, for example, 100 packets per second on an ether3 port (similarly for other ports):

interface ethernet switch ingress-port-policer add port=ether3 rate=100 meter-unit=packet packet-types=broadcast

In the future, you can watch the network for example through the system Zabbix, in which you can configure the display of broadcast packet schedules and if the packet counter starts to grow, the system will notify you.

Speed limit on MikroTik through Queues

It was necessary somehow on the sector antenna to limit traffic for fans to shake torrents. Point set up and described in this article – MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector. In my case, the speed adjusts the billing, but I wanted to limit the test for the means of MikroTik.

Continue reading “Speed limit on MikroTik through Queues”

Configuring MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector

Recently tuned MikroTik RB912UAG-2HPnD (BaseBox 2).
The sticker says that without the antenna connected it can not be turned on :), it will be used with Ubiquiti Sector AM-2G15, I connected this sector to two contacts.

The standard IP device is 192.168.88.1, the login admin is without a password, DHCP is disabled as standard, so you need to manually register IP on the computer, for example 192.168.88.2 with a subnet mask of 255.255.255.0.

First of all we will change the password in “System” – “Users”.

Set up Wi-Fi settings in “Wireless” – “Interfaces”:
Wireless Protocol: 802.11 so that you can connect to any device

In “Wireless” – “Security Profiles”, configure:
SSID (the name of the wireless network)
Mode: dynamic keys
type of encryption WPA2 PSK AES
WPA2 Pre-Shared Key (wireless password)

Now change the device IP address, in IP – Addresses, the network where it will stand. For example, instead of 192.168.88.1 on 172.16.200.11, after that on the computer, we will manually change the IP registered on the IP from this network, for example 172.16.200.12 so that you can continue to configure.
“IP” – “Routes” add a gateway, for example Dst. Address: 0.0.0.0/0, Gateway: 172.16.200.1.

On this basic setup is completed, the device will work as an access point to the bridge, that is, it will not be issued by the IP, but by the device before it or by billing.

Repairing the Netis WF2419 Firmware via TFTP

I will describe the procedure for restoring the firmware of the Netis WF2419 router via TFTP:

1) Download the latest firmware from the official site
http://netis-systems.com/Suppory/de_details/id/1/de/44
If the firmware was downloaded in a compressed archive, then we unpack it, we need a firmware file with the extension *.bin

2) We will manually register the IP address on the computer, for example 192.168.1.100

3) Connect the computer to the router through the port LAN4.

4) Turn off the power of the router, press the reset button and hold it on, after 3 seconds, release the reset button. After that, the device will enter the recovery mode.

5) Now there will be actions with TFTP. Earlier I wrote articles about TFTP:
Starting a TFTP server in Windows
Installing and Configuring a TFTP Server in Ubuntu.
Actually, you need to send the file of the previously downloaded firmware to the router (its IP in recovery mode 192.168.1.6).
I use TFTP for example in Windows we specify the address of the client 192.168.1.6, the firmware file and press Put thereby starting transferring the file to the router, you do not need to specify anything else.
We are waiting for the completion of the process for several minutes.

Done, the firmware repair process is complete.

The solution of 80070020 error on Nokia Lumia 530

I noticed once a mistake when installing the application on the Nokia Lumia 530 (RM-1017):

There is a problem completing your request.
Please try again later.
Error code: 80070020

The reason for the error was the wrong date and time, before this error on the phone the battery was removed and they dropped.

So I manually specified the date and time in “Settings” – “Date+Time”, after which the error no longer appeared.