Friday, 26 May 2017

Remote site network design considerations

There are a number of considerations which are very important for remote site network design. Below are the important questions for a greenfield network design at a new remote site.

1. Number of users on site: needed to select the LAN switch (port count).
2. NIC capacity of users' machines (100 Mbps / 1 Gbps): needed to select the LAN switch (port speed).
3. Number of servers (DHCP, DNS, PXE etc.)
4. Surveillance devices (CCTV etc.): PoE requirement
5. Voice requirement: PoE requirement
6. Wireless users and network types (Guest, Corporate etc.) and number of APs required
7. Number of wireless controllers
8. Internet setup: local or centralized
9. Security device requirement (firewall etc.)
10. WAN connectivity (MPLS) requirement and bandwidth requirement.


TACACS+ port on firewall

If you have a firewall between your clients (network devices such as switches, routers, etc.) and the TACACS+ server, then you need to open TCP port 49 on the firewall.
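A quick reachability check for the TACACS+ port, added here as an example and not part of the original post. It distinguishes a silently dropping firewall (timeout) from a reachable host with nothing listening (refused). The local listener is a constructed stand-in for the TACACS+ server so the script runs offline; host and port values are assumptions for illustration.

```python
import socket
import threading

TACACS_PORT = 49  # TACACS+ listens on TCP 49; this is what the firewall must permit


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP connection and classify the outcome.

    'open'    - three-way handshake completed (firewall permits the port)
    'refused' - host reachable but nothing listening, or the firewall sent a RST
    'timeout' - no answer at all, the usual symptom of a firewall silently dropping TCP 49
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        return f"error: {exc.__class__.__name__}"


def _start_fake_tacacs_listener(host="127.0.0.1"):
    """Constructed stand-in for a TACACS+ server: accepts one connection and closes it.
    Returns the ephemeral port it is listening on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Probe one port with a listener behind it and one with nothing listening."""
    open_port = _start_fake_tacacs_listener()
    # Bind and immediately release a socket to obtain a port number nothing listens on.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    return probe_tcp("127.0.0.1", open_port), probe_tcp("127.0.0.1", closed_port)


if __name__ == "__main__":
    # Against a real deployment you would call probe_tcp("<tacacs-server-ip>", TACACS_PORT)
    # from a host on the network-device side of the firewall.
    print(demo())
```

Run the probe from the same side of the firewall as the switches and routers; a result of "timeout" with the server otherwise reachable on other ports points at the missing TCP 49 rule.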

Data center - DD questionnaire


A few questions are listed below which are important for the data center DD.

  1. WAN links, their bandwidth and current utilization
  2. Number of server ports: 1 Gig / 10 Gig
  3. Number of servers: physical and virtual
  4. Number of server chassis
  5. Number of VLANs and related SVIs
  6. Intranet and internet traffic flow
  7. Number of load balancers: internal and external
  8. DMZ network details
  9. Number of firewalls
  10. Throughput of current firewalls and link utilization report
  11. Firewall zones and related services
  12. Routing protocol used in the existing DC
  13. Security devices like IPS, IDS
  14. Voice setup
  15. Different environment details like test, production, SAP etc.
  16. VPN sites and setup
  17. IP address details
  18. Applications with specific QoS requirements

Sunday, 21 May 2017

What is DAI (Dynamic ARP Inspection)?

DAI validates the ARP packets in a network. DAI performs inspection only on untrusted ports and does not inspect trusted ports: when the switch receives an ARP packet on a trusted interface, it forwards the packet without any inspection or checks.

DAI allows an ARP packet only if its source is in the DHCP snooping binding table or in a static binding.

In other words, ARP from an untrusted port is allowed only when there is a valid entry for the source in the DHCP snooping table or a static binding.

This prevents ARP-based man-in-the-middle attacks.

Configuration:-

! DAI looks up the DHCP snooping binding table, so DHCP snooping must be enabled on the VLAN first
ip dhcp snooping
ip dhcp snooping vlan 1
ip arp inspection vlan 1

! Access ports are untrusted by default; "ip arp inspection untrust" is not a valid IOS command.
! The form below makes (or keeps) the port untrusted. Use "ip arp inspection trust" on uplinks.
interface FastEthernet0/1
 no ip arp inspection trust

Verification:-

show ip dhcp snooping binding 
show ip arp inspection interfaces

The error below is displayed when an ARP packet is received on an untrusted port and the source is not present in the DHCP snooping table.


%SW_DAI-4-DHCP_SNOOPING_DENY
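The decision logic described above, as an added example that is not part of the original post: it parses a constructed `show ip dhcp snooping binding` listing and then applies the DAI rule (trusted port: forward without inspection; untrusted port: forward only if the sender MAC/IP/VLAN is in the binding table or a static binding; otherwise drop, which is the case that logs %SW_DAI-4-DHCP_SNOOPING_DENY). The binding lookup is simplified to the (MAC, IP, VLAN) tuple, an assumption for illustration; interface names and addresses are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of IOS `show ip dhcp snooping binding` output
# (addresses, leases and interfaces are made up for this example).
SNOOPING_BINDING_OUTPUT = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:11:22:33:44:55   10.1.1.10        85000       dhcp-snooping  1     FastEthernet0/1
00:AA:BB:CC:DD:EE   10.1.1.11        86000       dhcp-snooping  1     FastEthernet0/2
Total number of bindings: 2
"""

BINDING_RE = re.compile(
    r"^([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+"   # MAC address
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+"                 # IP address
    r"\S+\s+\S+\s+"                                 # lease, type (not needed here)
    r"(\d+)\s+(\S+)\s*$"                            # VLAN, interface
)


def parse_bindings(text):
    """Map (MAC, IP, VLAN) -> learned interface from the binding table text."""
    table = {}
    for line in text.splitlines():
        m = BINDING_RE.match(line)
        if m:
            mac, ip, vlan, intf = m.groups()
            table[(mac.upper(), ip, int(vlan))] = intf
    return table


@dataclass(frozen=True)
class ArpPacket:
    ingress_if: str
    vlan: int
    sender_mac: str
    sender_ip: str


def dai_decision(pkt, dai_vlans, trusted_ports, bindings, static_bindings=frozenset()):
    """Return (action, reason) for one ARP packet under the simplified DAI rule."""
    if pkt.vlan not in dai_vlans:
        return ("forward", "dai-not-enabled-on-vlan")
    if pkt.ingress_if in trusted_ports:
        return ("forward", "trusted-port-no-inspection")
    key = (pkt.sender_mac.upper(), pkt.sender_ip, pkt.vlan)
    if key in bindings:
        return ("forward", "dhcp-snooping-binding")
    if key in static_bindings:
        return ("forward", "static-binding")
    # Untrusted port and no binding: this is the %SW_DAI-4-DHCP_SNOOPING_DENY case.
    return ("drop", "no-binding-for-sender")


def demo():
    bindings = parse_bindings(SNOOPING_BINDING_OUTPUT)
    trusted = {"GigabitEthernet0/1"}  # uplink towards the DHCP server / gateway
    packets = [
        # legitimate host whose lease is in the table
        ArpPacket("FastEthernet0/1", 1, "00:11:22:33:44:55", "10.1.1.10"),
        # same MAC claiming the gateway address 10.1.1.1: no binding, dropped
        ArpPacket("FastEthernet0/3", 1, "00:11:22:33:44:55", "10.1.1.1"),
        # anything on the trusted uplink is forwarded without a lookup
        ArpPacket("GigabitEthernet0/1", 1, "00:DE:AD:BE:EF:00", "10.1.1.1"),
        # VLAN 20 is not under DAI, so no inspection at all
        ArpPacket("FastEthernet0/2", 20, "00:AA:BB:CC:DD:EE", "10.1.1.11"),
    ]
    return [dai_decision(p, {1}, trusted, bindings) for p in packets]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second packet is the interesting one for a defender: the sender MAC is legitimately in the table, but paired with an IP it never leased, so DAI still drops it. A host with a static IP on an untrusted port hits the same rule and needs a static binding (or an ARP ACL) before it will work.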

What is the reserved MAC address for the outer unknown unicast destination in FabricPath?

010F.FFC1.01C0 is the reserved MAC address for unknown unicast traffic.

FabricPath ECMP hashing functions

Cisco FabricPath switches support ECMP forwarding for known unicast frames. If the destination switch ID can be reached through more than one output interface with equal cost, the forwarding engine uses a hash function to pick one of the interfaces. Below are the hashing methods:-

1. Source parameters (layer-3, layer-4, or mixed).
2. Destination parameters (layer-3, layer-4, or mixed).
3. Both the source and the destination parameters (layer-3, layer-4, or mixed).
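An added illustration of what the choice of hash inputs does to traffic spread, not code from the original post or from Cisco. It models the three input selections above (source, destination, or both; layer-3, layer-4 or mixed) and maps each flow to one of several equal-cost interfaces. SHA-256 stands in for the switch's hardware hash, which is an assumption for the example; interface names and flows are constructed. The point it makes is general: hashing on source layer-3 only pins every flow from one host to one link, however many links exist.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def hash_inputs(flow, scope, layer):
    """Pick the header fields that feed the hash.

    scope: 'source', 'destination' or 'both'
    layer: 'layer-3' (IP addresses), 'layer-4' (ports) or 'mixed' (both)
    """
    parts = []
    if scope in ("source", "both"):
        if layer in ("layer-3", "mixed"):
            parts.append(flow.src_ip)
        if layer in ("layer-4", "mixed"):
            parts.append(flow.src_port)
    if scope in ("destination", "both"):
        if layer in ("layer-3", "mixed"):
            parts.append(flow.dst_ip)
        if layer in ("layer-4", "mixed"):
            parts.append(flow.dst_port)
    if not parts:
        raise ValueError(f"unsupported scope/layer: {scope}/{layer}")
    return tuple(parts)


def pick_interface(flow, interfaces, scope="both", layer="mixed"):
    """Deterministically choose one equal-cost interface for a flow.
    SHA-256 is only a stand-in for the hardware hash polynomial (assumption)."""
    digest = hashlib.sha256(repr(hash_inputs(flow, scope, layer)).encode()).digest()
    return interfaces[int.from_bytes(digest[:4], "big") % len(interfaces)]


def distribution(flows, interfaces, scope, layer):
    """Count how many flows land on each interface for a given hash setting."""
    return Counter(pick_interface(f, interfaces, scope, layer) for f in flows)


def demo():
    # Constructed scenario: one backup host opening 32 flows to 32 different servers.
    interfaces = ["Ethernet1/1", "Ethernet1/2", "Ethernet1/3", "Ethernet1/4"]
    flows = [Flow("10.0.0.5", f"10.0.1.{i}", 40000 + i, 445) for i in range(1, 33)]
    return {
        "source/layer-3": distribution(flows, interfaces, "source", "layer-3"),
        "both/mixed": distribution(flows, interfaces, "both", "mixed"),
    }


if __name__ == "__main__":
    for setting, spread in demo().items():
        print(setting, dict(spread))
```

With source/layer-3 the whole 32-flow set collapses onto a single interface, because every flow hashes the same source address; the both/mixed setting spreads the same flows across the links. The same reasoning applies when checking why one FabricPath core link is saturated while its equal-cost siblings sit idle.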

%STP-2-L2GW_BACKBONE_BLOCK

A superior BPDU was received on a Cisco FabricPath edge port.