ccie obsessednoreply@blogger.com (Ahmad Fadly Abbas)Thu, 24 Oct 2024 18:23:10 +0700Blogger http://www.blogger.com15125http://ccieobsessed.blogspot.com/en-usHow to install SCABB snmp real time monitoring (SNMP RTM)http://ccieobsessed.blogspot.com/2009/08/how-to-install-scabb-snmp-real-time.htmlscabbsnmpnoreply@blogger.com (Ahmad Fadly Abbas)Mon, 31 Aug 2009 11:14:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-8371284719704982248<span style="font-size:100%;"><span style="font-family:trebuchet ms;">If you had installed SCABB (Service Control Aplication Broadband) or if you had read scabb end user guide you will be familiar with this topic. This is a tool for network admins to monitor their network using SNMP in real time. Refer to the cisco guide, the snmp tool that we will be used are MRTG (Multi Router Traffic Grapher) and RRD (Round Robin Database) to</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ol. MRTG will collect snmp data from sce then generate html pages, rrd tool will store data using round robin database and then generate a graph. In my Lab environment </span> <span style="font-family:trebuchet ms;">I'm using my desktop with windowsxp, scabb v3.1.6 , sce 2020.<br /><br /></span></span><div style="text-align: left;"><span style="font-size:100%;"><span style="font-family:trebuchet ms;">How it works :</span></span><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWraMFELpWKWxE8SOP4I5FuC27Y41RYoVpGp2_eO9qI8HGrzVWHez94-wX1JG0O25qXCe9rfIXGCmQcP9_WpYypYgNO-wMe0lct8TfmLl0po6f6KBOI1EKO5LukgvFFIjrbYARucro8OM/s1600-h/top.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 251px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWraMFELpWKWxE8SOP4I5FuC27Y41RYoVpGp2_eO9qI8HGrzVWHez94-wX1JG0O25qXCe9rfIXGCmQcP9_WpYypYgNO-wMe0lct8TfmLl0po6f6KBOI1EKO5LukgvFFIjrbYARucro8OM/s400/top.jpg" alt="" id="BLOGGER_PHOTO_ID_5375977881074009106" border="0" /></a><span style="font-size:100%;"> <span style="font-family:trebuchet ms;">These are the compone</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">nts that will be used to install SNMP RTM:</span> <span style="font-family:trebuchet ms;"><br />1. MRTG-2.1.5 - download from <a href="http://www.mrtg.org/">mrtg.org</a></span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />2. rrdtool-1.2.15 - download from <a href="http://www.rrdtool.org/">rrdtool.org</a></span> <span style="font-family:trebuchet ms;"><br />3. Active Perl 5.8 - search<a href="http://www.google.com/"> google.com</a> and download</span> <span style="font-family:trebuchet ms;"><br />4. Apache2 - download from <a href="http://httpd.apache.org/download.cgi">apache.org</a></span><br /><span style="font-family:trebuchet ms;">5. sca_bb v3.1.6 - download from <a href="http://www.cisco.com/">cisco.com</a></span> <span style="font-family:trebuchet ms;"><br />6. sca_bb utility - extracted from sca_bb v3.1.6</span> <span style="font-family:trebuchet ms;"><br />7. scabb_rtm_templates_v3.0.5A_b05 - download</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> from <a href="http://www.cisco.com/">cisco.com</a></span><br /><span style="font-family:trebuchet ms;">8. firedaemon - search <a href="http://www.cisco.com/">google.com</a> and download</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />9. Java (jre) 1.4.2 - download from <a href="http://java.sun.com/">java.sun.com</a></span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">- mrtg for collecting snmp</span> <span style="font-family:trebuchet ms;"><br />- rrd tool to store data</span> <span style="font-family:trebuchet ms;"><br />- Active perl for running mrtg</span> <span style="font-family:trebuchet ms;"><br />- Apache for running web server, cgi</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />- scabb v3.1.6 to get scabb utility</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />- scabb utility for generate mrtg cfg files</span><br /><span style="font-family:trebuchet ms;">- scabb rtm template for generate</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> cfg file refer to the template and sce configuration</span><br /><span style="font-family:trebuchet ms;">- firedaemon for running scheduler</span> <span style="font-family:trebuchet ms;"><br />- java needs for running scabb utility</span> <span style="font-family:trebuchet ms;"><br /><br />Getting started :</span> <span style="font-family:trebuchet ms;"><br />1. Install mrtg, perl, rrdtool in C:\</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />2. Install apache web-server C:\Program Files</span></span><span style="font-size:100%;"><br /><span style="font-family:trebuchet ms;">3. Install firedaemon</span> <span style="font-family:trebuchet ms;"><br />4. Install java</span><br /><span style="font-family:trebuchet ms;">5. Extract scabb v3.1.6, extract scabb util (bin &amp; lib) to C:\</span> <span style="font-family:trebuchet ms;"><br />6. Extract scabb rtm template to C:\bin\ </span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />7. Create directory rtm-output in C:\bin\</span> <span style="font-family:trebuchet ms;"><br />8. Edit rtcmd.cfg file</span> </span><span style="font-family:trebuchet ms;"><br /><br />#The absolute path to the RRD tool's execution files folder<br />#Use '\\' or '/' as path separator<br />rrdtool_bin_dir=C:/rrdtool-1.2.15/rrdtool/Release<br /><br />#The absolute path where RTM files will be placed.<br />#This path will be used by MRTG to create and update the RRD files<br />#Note: path must not contain white spaces!<br />rtm_dir=C:/PROGRA~1/APACHE~1/Apache2.2/htdocs<br /><br />#The absolute path to the MRTG bin folder.<br />#This path will be used to create file crontab.txt<br />mrtg_bin_dir=C:/mrtg-2.14.5/bin<br /><br />#The SCE's community string<br />snmpCommunityString=public<br />rrdtool_bin_dir=C:/rrdtool-1.2.15/rrdtool/Release<br /><br />9. Open command prompt, running this command "rtmcmd -S "ip_sce1;ipsce2" -U xxxxx -P xxxxx --pqb-sce=ip_sce1 --source-dir=/templates --dest-dir=/rtm-output -c ./rtmcmd.cfg<br /><br />C:\bin\rtmcmd -S "ip_sce1;ipsce2" -U xxxxx -P xxxxx --pqb-sce=ip_sce1 --source-dir=/templates --dest-dir=/rtm-output -c ./rtmcmd.cfg<br />connecting to ip_sce1 ... done<br />retrieving service configuration from SCE ... done<br />disconnecting from device ... done<br />loading user configuration from file 'rtmcmd.cfg' ... done<br />processing templates from '\templates' to '\rtm-output' ... done<br />C:\bin><br /><br />10. Check rtm-output directory<br /><br />C:\bin\rtm-output>dir<br />Volume in drive C has no label.<br />Volume Serial Number is C4C2-8BAA<br /><br />Directory of C:\bin\rtm-output<br /><br />08/31/2009 08:16 AM dir .<br />08/31/2009 08:16 AM dir ..<br />08/31/2009 10:30 AM 43 .htaccess<br />08/31/2009 10:30 AM 386 crontab-unix.txt<br />08/31/2009 10:30 AM 310 crontab-windows.txt<br />08/31/2009 08:16 AM dir mrtg-cfg<br />08/31/2009 08:16 AM dir sce_202.155.50.75<br />08/31/2009 08:16 AM dir sce_202.155.50.77<br />08/31/2009 08:16 AM dir static<br /><br />11. Copy all file to C:\Program Files\Apache Software Foundation\Apache2.2\htdocs><br />12. Edit httpd Apache configuration file and add this text :<br /><br /><directory><br />Options Indexes FollowSymLinks ExecCGI<br />AllowOverride Indexes<br />Order allow,deny<br />Allow from all<br /></directory><br /><br />13. Test mrtg and mrtg cfg file with this command :<br /><br /><br />C:\Perl\bin>perl.exe c:\mrtg-2.14.5\bin\mrtg "c:\Program Files\Apache Software Foundation\Apache2.2\htdocs\mrtg-cfg\ip_sce1_scabb_mrtg.cfg"<br /><br /><br />C:\Perl\bin>perl.exe c:\mrtg-2.14.5\bin\mrtg "c:\Program Files\Apache Software Foundation\Apache2.2\htdocs\mrtg-cfg\ip_sce1_scabb_mrtg.cfg"<br /><br />If no error appear, you can check working directory a lot of rrd files has been generated.<br /><br />14. Open firedaemon, add new service definition :<br /><br />Shortname : sce1<br />Executable : C:\Perl\bin\wperl.exe<br />Working Dir :C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\sce_ip_sce1<br />Parameters : C:\mrtg-2.14.5\bin\mrtg "C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\mrtg-cfg\ip_sce1_scabb_mrtg.cfg"<br /><br /><br />Start Service sce1<br /><br />Shortname : sce2<br />Executable : C:\Perl\bin\wperl.exe<br />Working Dir :C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\sce_ip_sce2<br />Parameters : C:\mrtg-2.14.5\bin\mrtg "C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\mrtg-cfg\ip_sce2_scabb_mrtg.cfg"<br /><br />Start service sce2<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuLOyWeJhxkFYzuqn_Hf08WaEwGrJRTDYOsLDI-ja61h0sJsuvMxMUY_6DiAMfIHHnSR3XGLoSewAMUNCAxvgFAhkFb2d5qfloako80mVnluPUn5HQd8PPZSLsB8H_5MjDiltcQHqL-2Q/s1600-h/scabb+rtm+fired.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 291px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuLOyWeJhxkFYzuqn_Hf08WaEwGrJRTDYOsLDI-ja61h0sJsuvMxMUY_6DiAMfIHHnSR3XGLoSewAMUNCAxvgFAhkFb2d5qfloako80mVnluPUn5HQd8PPZSLsB8H_5MjDiltcQHqL-2Q/s400/scabb+rtm+fired.JPG" alt="" id="BLOGGER_PHOTO_ID_5375979520222730674" border="0" /></a><br /><br />15. Open web browser and type :<br /><br />http://localhost/sce_ip_sce1/<br />http://localhost/sce_ip_sce2/<br /><br />And finally you will see the following display in your browser :<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvNfgxirCqBXKU8ljdsmInJgFlqjv2mDVUvUr2Dz0Bnx9erXjjmj3IymLxnc8HHzjnMSMu5-Mb43IGJZvRCSl9_6IljYd2JAjhnHdAcjsivdRKqDMkWqvcOvp6ac1TzGuLckC773Jzl6Y/s1600-h/rtm+browser.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 234px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvNfgxirCqBXKU8ljdsmInJgFlqjv2mDVUvUr2Dz0Bnx9erXjjmj3IymLxnc8HHzjnMSMu5-Mb43IGJZvRCSl9_6IljYd2JAjhnHdAcjsivdRKqDMkWqvcOvp6ac1TzGuLckC773Jzl6Y/s400/rtm+browser.JPG" alt="" id="BLOGGER_PHOTO_ID_5375979823806650274" border="0" /></a><span style="font-family:trebuchet ms;">Refference </span> <a style="font-family: trebuchet ms;" href="http://www.cisco.com/en/US/products/ps613/products_user_guide_book09186a0080843872.html">http://www.cisco.com/en/US/products/ps61</a><a style="font-family: trebuchet ms;" href="http://www.cisco.com/en/US/products/ps613/products_user_guide_book09186a0080843872.html">/products_user_guide_book09186a0080843872.html<br /></a></span></div><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><dir><span style="font-family:trebuchet ms;"><dir><span style="font-family:trebuchet ms;"><dir><span style="font-family:trebuchet ms;"><dir><span style="font-family:trebuchet ms;"><dir><span style="font-family:trebuchet ms;"><dir> </dir></span></dir></span></dir></span></dir></span></dir></span></dir></span></span>2Update protocol pack and signature using SCABB / SCEhttp://ccieobsessed.blogspot.com/2009/08/update-protocol-and-protocol-signature.htmlblock flashblock peer to peerblock youtube videosce protocol packnoreply@blogger.com (Ahmad Fadly Abbas)Fri, 14 Aug 2009 10:33:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-8661469832566930537<span style="font-size:100%;"><span style="font-family:trebuchet ms;">Using Cisco SCE we can manage traffic per application based on protocol that supported by SCE Software. In my lab I use sce 2020, Software 3.1.6. My goal is I want to control or </span><span style="font-family:trebuchet ms;">even block the subscribers traffic in accessing bandwidth consuming application such as peer to peer, flash youtube, flash yahoo, video google, http download et</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">c.<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">First I </span><span style="font-family:trebuchet ms;">applied the streaming service to the package </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">and made some rule t</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">o control it,</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> then I </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">mapped the subscriber using SM to </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">use that package. Somehow the rule was not working, user could </span><span style="font-family:trebuchet ms;">still have an access to the video google, flash youtube etc. Than I checked the reporting in SCABB the user traffic is classified as a browsing. I was </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">thinking that SCE cannot </span><span style="font-family:trebuchet ms;">detect those protocol as a flash protocol that is define in its service configuration protocol. I checked at the cisco website than I found that I must upgrade the protocol pack of the </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">existing software. This happen because of </span><span style="font-family:trebuchet ms;">there are some of a new update to the </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">protocol in internet, SCE must improve the capabilities in detecting and making classification to the new protocol and signature. The new update of protocol </span><span style="font-family:trebuchet ms;">pack now is SCA BB Protocol Pack #17, it resolved some of caveat in the previous protocol pack, such as miss classifying protocol i.e yahoo login, flash etc.<br /><br /></span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;">This is the new update protocol :</span></span><span style="font-size:100%;"> </span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">• Flash YouTube HD</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />• Flash YouTube Normal</span> <span style="font-family:trebuchet ms;"><br />• Yahoo General Login</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />• Sky Player - (Supported by 3.5.0 only)</span> <span style="font-family:trebuchet ms;"><br /><br />and here is the guide :<br /></span> </span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">1. Download SPQI at cisco.com</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />2. Extract the SPQI file 3.1.6 Protocol Pack #17 ZIP package</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br />3. install the ProtocolPack using SCABB, right clik on sce, network navig</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ator menu</span></span><br /><div style="text-align: right;"><br /></div><br /><br /><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIMgyCPU4jRl21uuyl34IMMApy4Fgr83hWSqY3OTIGA_WfbYP2Y1L3cx6QsZ9ghStxlZBB2yVhOfR3RL2pryyMTpeRxYKvEeGX5GbS7j23qt7wTG-N_vG4kocCqv8OJVctvFYzbSdiaUA/s1600-h/sce.bmp"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 182px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIMgyCPU4jRl21uuyl34IMMApy4Fgr83hWSqY3OTIGA_WfbYP2Y1L3cx6QsZ9ghStxlZBB2yVhOfR3RL2pryyMTpeRxYKvEeGX5GbS7j23qt7wTG-N_vG4kocCqv8OJVctvFYzbSdiaUA/s200/sce.bmp" alt="" id="BLOGGER_PHOTO_ID_5369660515099732130" border="0" /></a></div><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><br /><br /><br /><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /><br />4. Extract the script.txt file from the 3.1.6 Protocol Pack #17 ZIP package and upload to the SCE platform using FTP.</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">SCE2020#copy-passive ftp://user:pass@ip-address/script.txt script.t</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">xt</span></span><span style="font-size:100%;"> </span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">5. Open a CLI session in the SCE platform and navigate to the director</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">y where the uploaded script.txt. Using admin user run the script run script.txt.</span></span><span style="font-size:100%;"> <span style="font-family:trebuchet ms;"><br /><br />SCE2020-2#>script run script.txt<br /><br /><br />configure<br />interface LineCard 0<br /><br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "Babelgum" value 23<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "babelgum" value 23<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "Deluge*" value 9<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "TVUPlayer*" value 24<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "PIPIPlayer" value 25<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "NateOn*" value 26<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "ed2k" value 6<br /><br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*.babelgum.com" value 7<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*.vuze.com" value 8<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:channel2.tvunetworks.com" value 10<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "co*:*.tvunetworks.com" value 10<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:mb.tvunetworks.com" value 10<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:pages.tvunetworks.com" value 10<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*mail.google.com" value 11<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*skype.com" value 12<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*joost.com" value 13<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*googlevideo.com" value 1<br /><br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_URL overwrite-key /videoplayback*:* value 2<br />lookup GT_LUT_HTTP_BASED_PROTOCOLS_URL overwrite-key *:*.hash value 7<br /><br />lookup GT_LUT_DestPortBasedProtocolsPostMultipleSig overwrite-key "0.6.0.22:0xffffffff" value 16777216<br /><br />lookup GT_LUT_HTTP_SPLIT_INITIATEE_BASED_PROTOCOLS_Server overwrite-key "AIM*:*" value 7<br /><br />tunable GT_PL_USE_OLD_BEHAVIORAL_DOWNLOAD value false<br />tunable PL_AGING_RTMP value 3000<br />tunable GT_PL_SKYPE_TCP_PRECEDE_PKTS_PAT_MAX value 180<br /><br />tunable GT_PL_BEHAVIORAL_DOWNLOAD_MIN_AVG_PACKET_SIZE value 700<br />tunable GT_PL_BEHAVIORAL_DOWNLOAD_MAX_VOLUME_RATIO value 25<br />tunable GT_PL_BEHAVIORAL_DOWNLOAD_PACKET_DEVIATION_HI_VOL_FACTOR value 50<br /><br />tunable GT_PL_WINNYP_NUMBER_OF_CHECKED_PACKETS value 5<br />tunable GT_PL_WINNYP_MAXIMAL_ALLOWED_DIRECTION_CHANGES value 5<br /><br />tunable GT_QQMaxPacketsInSameDir value 7<br /><br />exit<br />exit<br /><br />copy running-config-application startup-config-<span style="font-size:100%;">application</span><br />Writing general configuration file to temporary location...<br />Removing old application configuration file...<br />Renaming temporary application configuration file with the final file's name...<br /><br />SCE2020-1#> <br />The screenshoot result for successfully blocked youtube and google video.<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">youtube :</span></span><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgw0VrgfdUXEL3h4Owdwgg0pEjD0q4vP2zud7I74peYGbsuTN2icbjUzIEegPSN81dv_43PTNo7Qb3_K84UaiyhIw0yH2903g3DLM6ILr0A234_56n_y3Xt62Jg6dACrYT8k4yjegDuds/s1600-h/youtube+blok.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 222px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgw0VrgfdUXEL3h4Owdwgg0pEjD0q4vP2zud7I74peYGbsuTN2icbjUzIEegPSN81dv_43PTNo7Qb3_K84UaiyhIw0yH2903g3DLM6ILr0A234_56n_y3Xt62Jg6dACrYT8k4yjegDuds/s320/youtube+blok.JPG" alt="" id="BLOGGER_PHOTO_ID_5369788929548665154" border="0" /></a><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Google Video :<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimD0D0gBUE8IdSo-1WNczjobIqI0oqh7sImRiNOrqyUk1raCT27zaTs1tpwElRI03x2peVJGFG7uVvNdpzcyk7z7Zy5g-HFT2kPAZ5cXk-tBWOSOaBuDOou88lvBHUG7MYROX07Bnwsfo/s1600-h/video+google.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 246px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimD0D0gBUE8IdSo-1WNczjobIqI0oqh7sImRiNOrqyUk1raCT27zaTs1tpwElRI03x2peVJGFG7uVvNdpzcyk7z7Zy5g-HFT2kPAZ5cXk-tBWOSOaBuDOou88lvBHUG7MYROX07Bnwsfo/s320/video+google.JPG" alt="" id="BLOGGER_PHOTO_ID_5369788439338338418" border="0" /></a><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">This is only the sample if you want to block google video or youtube, you can control any of protocol as long as is supported by protocol pack.<br /></span></span>1ISG - SCE Integration using SCMPhttp://ccieobsessed.blogspot.com/2009/08/isg-sce-integration-using-scmp.htmlintegration SCE SCMPISGSCESCMPnoreply@blogger.com (Ahmad Fadly Abbas)Tue, 4 Aug 2009 15:29:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-7993612903103175164<span style="font-size:100%;"><span style="font-family:trebuchet ms;">ISG (Intelligent service Gateway) is a broadband agregation r</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">outer to deliver service from service provider to the broadband subscriber. Using ISG</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> we can control and implement dynamic policy to the subscriber such as turbo button (upgrade or downgrade speed), Parental control, Subscriber self-control using Captive Portal / Redirect Wallgarden Service and External-policy controll using CoA. For more advanced implementation is to implement ISG </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">colaborative with SCE as a DPI (deep packet inspection) service control. Using SCE we can make some of different s</span></span>ervice levels for subscriber. We can control the subscriber trafic in the aplication layer (layer7) or we can use taffic shaping capabilites.<br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">To integrate SCE and ISG we can use SCMP, it allows that isg and SCE to man</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">age subscriber session and apply subscriber to particular service / profile dynamically intsead of using subscriber manager (SM) using SCABB application. External Portal / Walled garden can send a Coa packet </span></span><span class="content">(CoA RFC 3576)</span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> to ISG to change the user's service. In the isg policy we can define any package that will be sent using Coa to SCE include the GUID / user identity, next when the SCE accept the CoA, it will assign the package to this GUID.<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">I try to make a lab to implement this integration, using isg and sce 2020. Here is the diagram:<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><span style="font-weight: bold;">DIAGRAM :</span><br />---------------------------------------------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">---------------------------------------------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-----------------------<br /><br /><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOOXCOjedhk8VsmQykFbodora-g1ghmk2beVxos5ramClYxBCzXtW22LQb0PwqjJxSzkT3e-xDdUZZ_ue_L4_En4pS0kOG7Wbxk6DEec_KWWlXmMJao1tp_Hw9PAtilVMXZTpM7Jj1lmA/s1600-h/scmp.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 193px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOOXCOjedhk8VsmQykFbodora-g1ghmk2beVxos5ramClYxBCzXtW22LQb0PwqjJxSzkT3e-xDdUZZ_ue_L4_En4pS0kOG7Wbxk6DEec_KWWlXmMJao1tp_Hw9PAtilVMXZTpM7Jj1lmA/s400/scmp.JPG" alt="" id="BLOGGER_PHOTO_ID_5369791133939205330" border="0" /></a><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-----------------------------------------------------------------------------------------------------------------<br /><br /><span style="font-weight: bold;">ISG configuration :</span><br /><br />ISGD2#<br />!<br />aaa attribute list coa<br />attribute type nas-ip-address 172.16.0.29<br />!<br />!<br />!<br />aaa server radius policy-device<br />key peditea<br />message-authenticator ignore<br />client 192.168.50.77 vrf vpn_internet key peditea<br />!<br /><br /><br /><span style="font-weight: bold;">Verify the SCMP peer in the ISG:</span><br /><br />ISGD2#sh subscriber policy peer all<br />EXTERNAL POLICY PEER Details:<br />=============================<br /><br />Peer IP: 192.168.50.77<br />Conn ID: 11<br />Mode : PUSH<br />State : ACTIVE<br />Version: 2.0<br />Conn up time: 00:08:55<br />Conf keepalive: 100<br />Negotiated keepalive: 100<br />Time since last keepalive: 00:00:34<br />Inform owner on pull: TRUE<br />Total number of associated sessions: 1<br /><br /><br /><span style="font-weight: bold;">CoA from ISG to SCE :<br /><br /></span>*Aug 4 06:16:27.582: RADIUS(00000000): Send CoA Request to 192.168.50.77:3799 id 1645/53, len 211<br />*Aug 4 06:16:27.582: RADIUS: authenticator C7 E2 B1 A2 F5 7B 13 65 - 98 05 83 9B A5 DF 5E CE<br />*Aug 4 06:16:27.582: RADIUS: Vendor, Cisco [26] 37<br />*Aug 4 06:16:27.582: RADIUS: Cisco AVpair [1] 31 "session-guid=CA9B591E0000003C"<br />*Aug 4 06:16:27.582: RADIUS: NAS-Port [5] 6 60000 <br />*Aug 4 06:16:27.582: RADIUS: NAS-Port-Id [87] 21 "nas-port:0/0/0/86/0"<br />*Aug 4 06:16:27.582: RADIUS: Vendor, Cisco [26] 37<br />*Aug 4 06:16:27.582: RADIUS: Cisco AVpair [1] 31 "subscriber:command=updateSess"<br />*Aug 4 06:16:27.582: RADIUS: Vendor, Cisco [26] 32<br />*Aug 4 06:16:27.582: RADIUS: Cisco AVpair [1] 26 "subscriber:policy-name=6"<br />*Aug 4 06:16:27.582: RADIUS: Vendor, Cisco [26] 36<br />*Aug 4 06:16:27.582: RADIUS: Cisco AVpair [1] 30 "subscriber:service-monitor=1"<br />*Aug 4 06:16:27.582: RADIUS: NAS-IP-Address [4] 6 172.16.0.29 <br />*Aug 4 06:16:27.582: RADIUS: User-Name [1] 10 "fadlytea"<br />*Aug 4 06:16:27.582: RADIUS: Framed-IP-Address [8] 6 172.16.94.2 <br />*Aug 4 06:16:27.586: RADIUS: Received from id 1645/53 192.168.50.77:3799, CoA Ack Response, len 63<br />*Aug 4 06:16:27.586: RADIUS: authenticator B8 00 27 53 E2 DF 79 28 - 82 30 38 3F 76 A9 85 06<br />*Aug 4 06:16:27.586: RADIUS: NAS-IP-Address [4] 6 192.168.50.77 <br />*Aug 4 06:16:27.586: RADIUS: Vendor, Cisco [26] 37<br />*Aug 4 06:16:27.586: RADIUS: Cisco AVpair [1] 31 "session-guid=CA9B591E0000003C"<span style="font-weight: bold;"><br /></span><br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><span style="font-weight: bold;">Verify the user session GUID:</span></span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ISGD2#sh subscriber policy peer all detail<br />EXTERNAL POLICY PEER Details:<br />=============================<br /><br />Peer IP: 192.168.50.77<br />Conn ID: 11<br />Mode : PUSH<br />State : ACTIVE<br />Version: 2.0<br />Conn up time: 00:08:57<br />Conf keepalive: 100<br />Negotiated keepalive: 100<br />Time since last keepalive: 00:00:36<br />Inform owner on pull: TRUE<br />Total number of associated sessions: 1<br />Associated session details:<br />CA9B591E0000003C<br /><br />ISGD2#<br /><br /><br /><span style="font-weight: bold;">Verify SCMP peer in the SCE :<br /><br /></span><br /><br /><br />SCE2020-2#sh scmp all<br />SCMP Connection 'isg-dev2' status:<br />172.16.0.29 auth-port 1645 acct-port 1646<br />Connection state: Connected<br />Peer protocol-version: 2.0<br />Keep-alive interval: 100 seconds<br />Force single SCE: Yes<br />Send session start: Yes<br />Time connected: 9 minutes, 18 seconds<br /><br /><br /><br /><br /><span style="font-weight: bold;">Verify subscriber session GUID mapping package in SCE :</span><br /><br />SCE2020-2#SH interface LineCard 0 subscriber name CA9B591E0000003C<br />Subscriber 'CA9B591E0000003C' manager: isg-dev2<br />Subscriber 'CA9B591E0000003C' properties:<br />downVlinkId=0<br />monitor=1<br />new_classification_policy=0<br /><span style="font-weight: bold;">packageId=6</span><br />QpLimit[0..17]=0*17,8<br />QpSet[0..17]=0*17,1<br />upVlinkId=0<br />Subscriber 'CA9B591E0000003C' read-only properties:<br />concurrentAttacksNumber=0<br />PV_QP_QuotaSetCounter[0..17]=0*18<br />PV_QP_QuotaUsageCounter[0..17]=0*18<br />PV_REP_nonReportedSessionsInTUR=0<br />P_aggPeriodType=5<br />P_blockReportCounter=0<br />P_endOfAggPeriodTimestamp=0<br />P_firstTimeParty=TRUE<br />P_localEndOfAggPeriodTimestamp=0<br />P_MibSubCounters16[0..31][0..1]=0*64<br />P_MibSubCounters32[0..31][0..1]=0*64<br />P_newParty=TRUE<br />p_numOfRedirections=0<br />P_partyCurrentDownVLink=0<br />P_partyCurrentPackage=6<br />P_partyCurrentUpVLink=0<br />P_partyGoOnlineTime=0<br />P_partyMonth=0<br />P_serviceReportedBitMap=0<br />Subscriber 'CA9B591E0000003C' mappings:<br />IP 172.16.94.2 - Expiration (sec): Unlimited<br />Subscriber 'CA9B591E0000003C' has 0 active sessions.<br />Aging disabled<br />SCE2020-2# <br /><br /><br /></span></span>0PPPOE and L2TP Multihop VPDNhttp://ccieobsessed.blogspot.com/2009/07/pppoe-and-l2tp-multihop-vpdn.htmlconfigurationl2tpmultihop vpdnpppoenoreply@blogger.com (Ahmad Fadly Abbas)Thu, 30 Jul 2009 14:35:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-1729165943728134877<span style="font-size:100%;"><span style="font-family:trebuchet ms;">There are many different technology in broadband access network, include DSL, cable , ethernet, wireless etc. PPPoe is commonly used by ADSL technology in ISP. L2tp is one of the most used protocol in broadband network, it is commonly used by operators or broadband access provider to extend their network to ISP as a wholesale.</span></span><span style="font-size:100%;"><br /><br /><span style="font-family:trebuchet ms;">I tried to make basic concept and configuration about how to implement them. For PC, i'm using windowsXP as a pppoe client, cisco 2600 as lac (vpn-server), 7200 as lns (isg-dev2), 7200 as lns-2 (isg2-jtpd) for terminating ppp session from pc </span></span><span style="font-size:100%;"><br /><br /><br /><span style="font-family:trebuchet ms;">pc will connect with pppoe using a user with domain @imm.com, vpn-server will accept pppoe request and forward and L2TP based on domain to lns (ISG-DEV2). lns than forward the ppp using l2tp multihop to lns-2 based on multihop lac hostname. lns-2 then will terminate the ppp and give the user ip adress.</span><br /><br /></span><br /><span style="font-size:100%;"><br /><br /><span style="font-family:trebuchet ms;">DIAGRAM :</span><br /><br /><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHgFbnS7bKoZ9ZKjyuk51g9n0zbuL-U5dUnqbv7zASrpO2rQkfZnDI-PSWBRqGOhi0xnlC9CQ1ocwUbqy1QRCHn2NhO6sZfSxALyG_XsS7WTnDlkM0GUVb_OlkBlb-zjjyM0EsY8gvs58/s1600-h/vpdn+multihop.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 174px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHgFbnS7bKoZ9ZKjyuk51g9n0zbuL-U5dUnqbv7zASrpO2rQkfZnDI-PSWBRqGOhi0xnlC9CQ1ocwUbqy1QRCHn2NhO6sZfSxALyG_XsS7WTnDlkM0GUVb_OlkBlb-zjjyM0EsY8gvs58/s400/vpdn+multihop.JPG" alt="" id="BLOGGER_PHOTO_ID_5369785373498458754" border="0" /></a><br /><br /><span style="font-size:100%;"><br /><span style="font-family:trebuchet ms;">CONFIGURATION :</span><br /><br /><span style="font-family:trebuchet ms;">1. pppoe :</span><br /><br /><span style="font-family:trebuchet ms;">VPN-SERVER#</span><br /><br /><span style="font-family:trebuchet ms;">! </span><br /><span style="font-family:trebuchet ms;">vpdn-group pppoe</span><br /><span style="font-family:trebuchet ms;"> accept-dialin</span><br /><span style="font-family:trebuchet ms;"> protocol pppoe</span><br /><span style="font-family:trebuchet ms;"> virtual-template 15</span><br /><span style="font-family:trebuchet ms;"> lcp renegotiation always</span><br /><span style="font-family:trebuchet ms;">!</span><br /><br /><br /><span style="font-family:trebuchet ms;">2. VPDN Tunnel Switching :</span><br /><br /><span style="font-family:trebuchet ms;">VPN-SERVER#</span><br /><span style="font-family:trebuchet ms;">!</span><br /><span style="font-family:trebuchet ms;">vpdn search-order domain </span><br /><span style="font-family:trebuchet ms;">! </span><br /><span style="font-family:trebuchet ms;">vpdn-group 1</span><br /><span style="font-family:trebuchet ms;"> request-dialin</span><br /><span style="font-family:trebuchet ms;"> protocol l2tp</span><br /><span style="font-family:trebuchet ms;"> domain imm.com</span><br /><span style="font-family:trebuchet ms;"> initiate-to ip 11.0.0.1 </span><br /><span style="font-family:trebuchet ms;"> local name lac</span><br /><span style="font-family:trebuchet ms;"> no source vpdn-template</span><br /><span style="font-family:trebuchet ms;"> l2tp tunnel password peditea</span><br /><span style="font-family:trebuchet ms;">!</span><br /><br /><span style="font-family:trebuchet ms;">ISGDEV2#</span><br /><br /><span style="font-family:trebuchet ms;">vpdn-group multihop-in</span><br /><span style="font-family:trebuchet ms;"> accept-dialin</span><br /><span style="font-family:trebuchet ms;"> protocol l2tp</span><br /><span style="font-family:trebuchet ms;"> virtual-template 1</span><br /><span style="font-family:trebuchet ms;"> terminate-from hostname lac</span><br /><span style="font-family:trebuchet ms;"> local name lns-multi</span><br /><span style="font-family:trebuchet ms;"> l2tp tunnel password 0 peditea</span><br /><br /><span style="font-family:trebuchet ms;">3. VPDN MULTIHOP (L2TP)</span><br /><br /><span style="font-family:trebuchet ms;">ISGDEV2#</span><br /><span style="font-family:trebuchet ms;">!</span><br /><span style="font-family:trebuchet ms;">vpdn multihop</span><br /><span style="font-family:trebuchet ms;">vpdn search-order multihop-hostname </span><br /><span style="font-family:trebuchet ms;">!</span><br /><span style="font-family:trebuchet ms;">vpdn-group multihop</span><br /><span style="font-family:trebuchet ms;"> request-dialin</span><br /><span style="font-family:trebuchet ms;"> protocol l2tp</span><br /><span style="font-family:trebuchet ms;"> multihop hostname lac</span><br /><span style="font-family:trebuchet ms;"> initiate-to ip 192.168.89.6</span><br /><span style="font-family:trebuchet ms;"> local name lns-multi</span><br /><span style="font-family:trebuchet ms;"> l2tp tunnel password 0 peditea</span><br /><span style="font-family:trebuchet ms;">!</span><br /><br /><span style="font-family:trebuchet ms;">ISG-JTPD#</span><br /><span style="font-family:trebuchet ms;">!</span><br /><span style="font-family:trebuchet ms;">vpdn-group 1</span><br /><span style="font-family:trebuchet ms;"> accept-dialin</span><br /><span style="font-family:trebuchet ms;"> protocol l2tp</span><br /><span style="font-family:trebuchet ms;"> virtual-template 1</span><br /><span style="font-family:trebuchet ms;"> terminate-from hostname lns-multi</span><br /><span style="font-family:trebuchet ms;"> local name lns-server</span><br /><span style="font-family:trebuchet ms;"> l2tp tunnel password 0 peditea</span><br /><span style="font-family:trebuchet ms;">!</span><br /><br /><span style="font-family:trebuchet ms;">VERIFYING :</span><br /><br /><br /><br /><span style="font-family:trebuchet ms;">VPN_SERVER#sh vpdn </span><br /><br /><span style="font-family:trebuchet ms;">L2TP Tunnel and Session Information Total tunnels 1 sessions 1</span><br /><br /><span style="font-family:trebuchet ms;">LocID RemID Remote Name State Remote Address Port Sessions VPDN Group</span><br /><span style="font-family:trebuchet ms;">3402 65399 lns-multi est 11.0.0.1 1701 1 1 </span><br /><br /><span style="font-family:trebuchet ms;">LocID RemID TunID Intf Username State Last Chg Uniq ID</span><br /><span style="font-family:trebuchet ms;">964 33172 3402 SSS Circuit -imm@imm.com est 00:00:14 344 </span><br /><br /><br /><span style="font-family:trebuchet ms;">ISGDEV2#sh vpdn tunnel </span><br /><br /><span style="font-family:trebuchet ms;">L2TP Tunnel Information Total tunnels 2 sessions 2</span><br /><br /><span style="font-family:trebuchet ms;">LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/</span><br /><span style="font-family:trebuchet ms;"> Count VPDN Group </span><br /><span style="font-family:trebuchet ms;">30787 61466 lns-server est 192.168.89.6 1 multihop </span><br /><span style="font-family:trebuchet ms;">65399 3402 lac est 11.0.0.2 1 multihop-in </span><br /><br /><br /><span style="font-family:trebuchet ms;">ISG2-JTPD#sh vpdn </span><br /><br /><br /><span style="font-family:trebuchet ms;">L2TP Tunnel and Session Information Total tunnels 1 sessions 1</span><br /><br /><span style="font-family:trebuchet ms;">LocID RemID Remote Name State Remote Address Port Sessions L2TP Class/ </span><br /><span style="font-family:trebuchet ms;"> VPDN Group </span><br /><span style="font-family:trebuchet ms;">61466 30787 lns-multi est 192.168.89.3 1701 1 1 </span><br /><br /><span style="font-family:trebuchet ms;">LocID RemID TunID Username, Intf/ State Last Chg Uniq ID </span><br /><span style="font-family:trebuchet ms;"> Vcid, Circuit </span><br /><span style="font-family:trebuchet ms;">8 10696 61466 -imm@imm.com, Vi3 est 00:01:03 491 </span><br /><br /><br /><span style="font-family:trebuchet ms;">Reference : http://www.cisco.com/en/US/docs/ios/bbdsl/configuration/guide/bba_understanding_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1049344</span><br /><br /></span>0Point-to-Point Protocol over Ethernet - using windows & ciscohttp://ccieobsessed.blogspot.com/2009/07/point-to-point-protocol-over-ethernet.htmlpppoepppoe clientpppoe servernoreply@blogger.com (Ahmad Fadly Abbas)Wed, 29 Jul 2009 14:10:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-113801399783958292<span style=";font-family:trebuchet ms;font-size:100%;" >PPPOE </span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">is a network protocol for encapsulation pp</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">p in ethernet network. It </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">is one of dial technology beside pptp and L2TP. It is usually used in adsl network, subcriber can access </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">internet provider using user's credential (username an</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">d password) . PPPOE works in layer 2 </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">netw</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ork meanwhile PPTP work in Layer 3.</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br />What I want to show you is the </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">basic configuratio</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">n using </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">w</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">i</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ndows as a pppoe client and cisco 2600 as a pppoe server.</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Here is the diagram :<br /><br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-----------------------------------------------------------------------------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">------------------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">------------<br /></span></span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgT0aFZFCBTpM-uWQE2wSKwVwcFXvWGF33_Rs7jMaVZrTZUEaY6x63XRfcKKSYlJ88k_ec7ppPWYvihMzfIIZzlG2vfzL9782TAkRZduIkXvt9XHgLEC_-TznO-BnQ7k7HfVYgbOjvQUE4/s1600-h/ppoe+windows+xp+cisco.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 137px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgT0aFZFCBTpM-uWQE2wSKwVwcFXvWGF33_Rs7jMaVZrTZUEaY6x63XRfcKKSYlJ88k_ec7ppPWYvihMzfIIZzlG2vfzL9782TAkRZduIkXvt9XHgLEC_-TznO-BnQ7k7HfVYgbOjvQUE4/s400/ppoe+windows+xp+cisco.JPG" alt="" id="BLOGGER_PHOTO_ID_5369790690290332290" border="0" /></a><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">------------------------------------------------------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-----------------------</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">------------------------------------<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">1. Create Virtual-Temp</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">late :<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">config)# interface Virtual-Te</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">mplate1</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config-if)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> ip unnumbered FastEth</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ernet0/1.81<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config-if)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> ip tcp adjust-mss 1460<br /><br />2. Enable vpdn and making vpdn-group :</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(c</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">onfig)# vpdn enable</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">vpdn-group pppoe</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config-vpdn)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">accept</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-dialin</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-vpdn</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-acc-in)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">protocol pppoe<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-vpdn</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-acc-in)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">virtual-template 1</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-vpdn</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">acc-in)# exit</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">-vpdn</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">lcp renegotiatio</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">n always</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">3. Configure authentication &amp; ip address pool :<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Enable AAA and method-list :<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br />VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">aaa new-mod</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">e</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">l<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">aaa authentication ppp defau</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">lt local<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">aaa authorization net</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">work default local</span></span><br /><br />Create Username :<br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SE</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">RVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">)# </span></span>username fadly password 0 cisco<br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Create Ip pool :</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> ip local pool vpn_sce 192.168.100.1 192.168.10</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">0.100<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Enable pp</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">p authenti</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">cation and </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">assign </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">pool :<br /><br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config)# interface </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Virtual-Template1</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config-if)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> </span></span>peer default ip address pool vpn_sce<br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config-if)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> </span></span> ppp authentication pap chap<br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">4. Enable pppoe </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">in interface :</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVE</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">R(config)# </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">interface FastEthernet0/0</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(config-if)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> ip </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">address 172.16.0.11 255.255.128.0 </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">secondary</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER(co</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">nfig-if)#</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">pppoe </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">enable</span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">5. Create pppoe client and Dial from windows XP :<br /></span></span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi87KKzt-h6jgMMVI8dGFsLfvRMYv63EdV7Zl2jX-vhEvH463dmu1SmYtqW6dfCpZRJI8JOtqg4OdENqqUkzwejX6cHUfIqOQK5DfOvID1QTtsUv-8mLzJ10cDQ90UWSwp2shaByJQhhpg/s1600-h/create+new+conn.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 193px; height: 57px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi87KKzt-h6jgMMVI8dGFsLfvRMYv63EdV7Zl2jX-vhEvH463dmu1SmYtqW6dfCpZRJI8JOtqg4OdENqqUkzwejX6cHUfIqOQK5DfOvID1QTtsUv-8mLzJ10cDQ90UWSwp2shaByJQhhpg/s200/create+new+conn.JPG" alt="" id="BLOGGER_PHOTO_ID_5363796025645305874" border="0" /></a><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwFda5oKFa77bFAkgI7TWAaHiv_7tA7PBtR66Hakb-GK6HakZso0US2f7XJuND5Cb_XTgwGXv5468obzyIrj2skjn_RW5mvHq7IvPfZDKdfCsAp5p96sY0jG17jKkIUEeecAi5mHgkeX4/s1600-h/pppoe+2.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 158px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwFda5oKFa77bFAkgI7TWAaHiv_7tA7PBtR66Hakb-GK6HakZso0US2f7XJuND5Cb_XTgwGXv5468obzyIrj2skjn_RW5mvHq7IvPfZDKdfCsAp5p96sY0jG17jKkIUEeecAi5mHgkeX4/s200/pppoe+2.JPG" alt="" id="BLOGGER_PHOTO_ID_5363796395766298242" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZaDK0oQ7cLXta0XqRp8ouNokY6jiiMtfXYYdwQoji7wxO-pdjYqoZvsJjIWMeQxDx27s9RQ-s57XVgVjwi1ryn8gdLr9BqJOdQTHl7FtBbJEPzGK2igWisPPHTJWKs3-3l9Cp7lUMIIc/s1600-h/pppoe+3.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 157px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZaDK0oQ7cLXta0XqRp8ouNokY6jiiMtfXYYdwQoji7wxO-pdjYqoZvsJjIWMeQxDx27s9RQ-s57XVgVjwi1ryn8gdLr9BqJOdQTHl7FtBbJEPzGK2igWisPPHTJWKs3-3l9Cp7lUMIIc/s200/pppoe+3.JPG" alt="" id="BLOGGER_PHOTO_ID_5363796491538342786" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY_mpuwo05-KzGPpvWmhsBg5F0qQNAXuhvdXqsLoobqPPf5XpHCHcjFmUm1TUshRGVD1V4nwsUUG6Xblrau26uvMocSZY4rKsCecnQ74vM3i3hTqgIOsSg3F8lNmmUt4O-glJYXSyE01g/s1600-h/pppoe+4.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 158px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY_mpuwo05-KzGPpvWmhsBg5F0qQNAXuhvdXqsLoobqPPf5XpHCHcjFmUm1TUshRGVD1V4nwsUUG6Xblrau26uvMocSZY4rKsCecnQ74vM3i3hTqgIOsSg3F8lNmmUt4O-glJYXSyE01g/s200/pppoe+4.JPG" alt="" id="BLOGGER_PHOTO_ID_5363796613669823634" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDyIf-Z-fllAKnNGBkN8raahRSN_CQFZqmttlWgTuzQdfShK2suvIZwm7U2C55npHM1CjeZr-65SgMlG67S7uvUoH2X89HJ9k4BtmWLjL-RXizVKnod2varp7haLA23dwa1XcIvA8A1G0/s1600-h/pppoe+5.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDyIf-Z-fllAKnNGBkN8raahRSN_CQFZqmttlWgTuzQdfShK2suvIZwm7U2C55npHM1CjeZr-65SgMlG67S7uvUoH2X89HJ9k4BtmWLjL-RXizVKnod2varp7haLA23dwa1XcIvA8A1G0/s200/pppoe+5.JPG" alt="" id="BLOGGER_PHOTO_ID_5363798956608612898" border="0" /></a><br /><br /><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnWgOwTYB-i8sNgFbI32SKiKbTKpza5rIopVfvOj801nvbL2Jrl76AAz_ddMsYA5RwCDEO3jhT695hUtqAr1atTNj5Ef1vRswh7afaNJnBEmvOgRe2OrzBlIUi40PdFm_OjfoY8BsAYDw/s1600-h/pppoe+6.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnWgOwTYB-i8sNgFbI32SKiKbTKpza5rIopVfvOj801nvbL2Jrl76AAz_ddMsYA5RwCDEO3jhT695hUtqAr1atTNj5Ef1vRswh7afaNJnBEmvOgRe2OrzBlIUi40PdFm_OjfoY8BsAYDw/s200/pppoe+6.JPG" alt="" id="BLOGGER_PHOTO_ID_5363799097437403922" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjJDBbV393cnx5inyWT1Ek-dTqmTUX-1_bVYpOwTKYWAIlGKebj5At7_myShY2-FbRM0yrdArKKWQ9I0GJfhLQCpQgKO8DvZG30MqVv1LyQNnUe7vY86JColZxrEaM52YyjS4FqNdfXjM/s1600-h/pppoe+7.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 156px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjJDBbV393cnx5inyWT1Ek-dTqmTUX-1_bVYpOwTKYWAIlGKebj5At7_myShY2-FbRM0yrdArKKWQ9I0GJfhLQCpQgKO8DvZG30MqVv1LyQNnUe7vY86JColZxrEaM52YyjS4FqNdfXjM/s200/pppoe+7.JPG" alt="" id="BLOGGER_PHOTO_ID_5363799180433026562" border="0" /></a><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><br /><br /><br /><br /><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih2Fw6hqg7iZxT6FCb-4gWUGUs828y16pyAGWhcBfrl_Qe_RqVlyHVXxqFrzAuirU8kGsoXaQU2m_k2WOkHmz1lZgDzkdVOXz0FPSn49rxeIYBcnQTvzBXXTug_Z6YXf3vCai9zBa_25Y/s1600-h/pppoe+8.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 166px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih2Fw6hqg7iZxT6FCb-4gWUGUs828y16pyAGWhcBfrl_Qe_RqVlyHVXxqFrzAuirU8kGsoXaQU2m_k2WOkHmz1lZgDzkdVOXz0FPSn49rxeIYBcnQTvzBXXTug_Z6YXf3vCai9zBa_25Y/s200/pppoe+8.JPG" alt="" id="BLOGGER_PHOTO_ID_5363799244702747650" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCpCVc-wIXxLILpsY8vwH1TlxcyqqglSj3U6TMELlYAZUcBvKfxaLyfZ6-RfhYieQaBrNVlzujpeayn6cQGQdEXbc_YP4qmATPFWrNDMUZP5Z2PLJazGb5Hlrewgkno1eOCqKP65XjCPM/s1600-h/pppoe+9.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 169px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCpCVc-wIXxLILpsY8vwH1TlxcyqqglSj3U6TMELlYAZUcBvKfxaLyfZ6-RfhYieQaBrNVlzujpeayn6cQGQdEXbc_YP4qmATPFWrNDMUZP5Z2PLJazGb5Hlrewgkno1eOCqKP65XjCPM/s200/pppoe+9.JPG" alt="" id="BLOGGER_PHOTO_ID_5363799323309643074" border="0" /></a><br /><br /><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /></span></span><br /><br /><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /><br /><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_ZDzqhg_e_ODHPuDMqJsu4UWywAoTEoUYpKOuMy4Jxe5DPWNcrHwmfKVIrnixT2kc6ksTWfcDYlQ3ExNedqQmBcG73OFQPpAAOM5oCmZ0xRiQRSb4dS3Oeol8rmz08StTq1Uq8SqsLeU/s1600-h/pppoe+10.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 188px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_ZDzqhg_e_ODHPuDMqJsu4UWywAoTEoUYpKOuMy4Jxe5DPWNcrHwmfKVIrnixT2kc6ksTWfcDYlQ3ExNedqQmBcG73OFQPpAAOM5oCmZ0xRiQRSb4dS3Oeol8rmz08StTq1Uq8SqsLeU/s200/pppoe+10.JPG" alt="" id="BLOGGER_PHOTO_ID_5363799397532248370" border="0" /></a><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq2ZEbr2CoRJ_tKncQF5JmpVQdBT5cidUk-2p7lBduE86USjYOge-IneuwN0pPUIBSCNSBw_Ynhl4OX7J7aTYlCvnUWdtEwha_IINDLwofYlFePNdByu9OTEvEgd35hmOAueL0Ke023oU/s1600-h/pppoe+11.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 164px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq2ZEbr2CoRJ_tKncQF5JmpVQdBT5cidUk-2p7lBduE86USjYOge-IneuwN0pPUIBSCNSBw_Ynhl4OX7J7aTYlCvnUWdtEwha_IINDLwofYlFePNdByu9OTEvEgd35hmOAueL0Ke023oU/s200/pppoe+11.JPG" alt="" id="BLOGGER_PHOTO_ID_5363799470101659442" border="0" /></a><br /><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /><br /><br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;"><br /><br /><br /><br />6. Verif</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">y the pppoe </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">session :</span></span><br /><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER#sh user<br />Line User Host(s) Id</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">le Location<br />* 66 vt</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">y 0 fadly i</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">dle 0</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">0:00:0</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">0 172.16.0.134<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Interface User M</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ode Idle Peer </span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Addr</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">ess<br /></span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Vi1.1 fadly PPPoE 00:00:00 192.168.100.5<br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER#<br /><br /></span></span><br /><span style="font-size:100%;"><span style="font-family:trebuchet ms;">VPN_SERVER#sh vpdn<br /><br />PPPoE Tunnel and Session Information Total tunnels 1 sessions 1<br /><br />PPPoE Session Information<br />UID SID RemMAC OIntf Intf Session<br />LocMAC VASt state<br />278 841 0090.f55d.6dbc Fa0/0 Vi1.1 CNCT_PTA<br />000d.bd6c.3fc0 UP<br /><br /><br />VPN_SERVER#<br /><br />VPN_SERVER#sh sss session<br />Current SSS Information: Total sessions 1<br /><br />Uniq ID Type State Service Identifier Last Chg<br />278 PPPoE/PPP connected Local Term fadly 00:04:18<br /><br /><br />it is very straight forward :)<br /><br /><br /><br /></span></span>0Basic PIX firewall configurationhttp://ccieobsessed.blogspot.com/2009/07/basic-pix-configuration.htmlbasic pixpixpix clinoreply@blogger.com (Ahmad Fadly Abbas)Tue, 28 Jul 2009 10:02:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-2581933333704255277<span style=";font-family:trebuchet ms;font-size:100%;" ><span style="font-weight: bold;">This is the basic pix firewall configuration and concept</span><br /><br />Firewall is networking device that can protect unauthorized internet </span><span style=";font-family:trebuchet ms;font-size:100%;" >users from accessing private network. it has the concept of inside / private network and outside / internet by assigning security level. The outside has a security level of </span><span style=";font-family:trebuchet ms;font-size:100%;" >0 and inside has a security level of 100. Meaning that traffic from lower security level interface will not pass higher security level interface. We can modifiy the rule to make the traffic flow from outside interface to inside interface.<br /><br /><br /><span style="font-weight: bold;">Diagram :<br /><br /></span></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihoalQmACg12iGi01IEu2Y7BYlWVVE3lsRxeMoAx-Dtv7IOOEm5Oao-JJFSkF1AZJDzqMgSWYix4sY6rEQPKZj60ldZxjUQdbk5HuTGbjWjdjaVzIb3fAYIX8qAh7g-RbBkjroO_3Q61g/s1600-h/firewall+basic.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 109px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihoalQmACg12iGi01IEu2Y7BYlWVVE3lsRxeMoAx-Dtv7IOOEm5Oao-JJFSkF1AZJDzqMgSWYix4sY6rEQPKZj60ldZxjUQdbk5HuTGbjWjdjaVzIb3fAYIX8qAh7g-RbBkjroO_3Q61g/s400/firewall+basic.JPG" alt="" id="BLOGGER_PHOTO_ID_5369786129700190306" border="0" /></a><br /><br /><span style=";font-family:trebuchet ms;font-size:100%;" ><span style="font-weight: bold;"></span><span style="font-weight: bold;">Basic Configuration</span><br /><br />1. Set the hostname :<br /><br />pixfirewall# configure terminal<br />pixfirewall(config)#hostname pix-jtpd<br /><br /><br />2. Set the password :<br /><br />Login password :<br />pix-jtpd(config)# password cisco<br /><br />Enable password :<br />pix-jtpd(config)# enable password cisco<br /><br />3. Verifiying security level :<br /><br />pix-jtpd# show nameif<br />Interface Name Security<br />Ethernet0 outside 0<br />Ethernet1 inside 100<br />pix-jtpd#<br /><br />4. Set ip address :<br /><br />interface Ethernet0<br />nameif outside<br />security-level 0<br />ip address 192.168.78.182 255.255.255.252<br />!<br />interface Ethernet1<br />nameif inside<br />security-level 100<br />ip address 192.168.78.186 255.255.255.252<br /><br />Verify interface ip address :<br /><br />pix-jtpd# sh interface ip brief<br />Interface IP-Address OK? Method Status Protocol<br />Ethernet0 192.168.78.182 YES manual up up<br />Ethernet1 192.168.78.186 YES manual up up<br />pix-jtpd#<br /><br />Ping back to back ip address :<br /><br />pix-jtpd# ping 192.168.78.181<br />Type escape sequence to abort.<br />Sending 5, 100-byte ICMP Echos to 192.168.78.181, timeout is 2 seconds:<br />!!!!!<br />Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms<br />pix-jtpd# ping 192.168.78.185<br />Type escape sequence to abort.<br />Sending 5, 100-byte ICMP Echos to 192.168.78.185, timeout is 2 seconds:<br />!!!!!<br />Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms<br />pix-jtpd#<br /><br />5. Configure default route<br /><br />pix-jtpd(config)# route outside 0.0.0.0 0.0.0.0 192.168.78.181 1<br /><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" >pix-jtpd# show ip route</span><span style="font-size:100%;"><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" >C 192.168.78.180 255.255.255.252 is directly connected, outside<br />C 192.168.78.184 255.255.255.252 is directly connected, inside<br />S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.78.181, outside<br />pix-jtpd#<br /><br />6. Configuring NAT and define subscriber network :<br /><br />a. Set ip address to name :<br />pix-jtpd(config)# name 192.168.32.0 subscriber<br /><br />b. Set subscriber route :<br />route inside chat-subs 255.255.255.0 192.168.78.185 1<br /><br />c. Setting nat :<br />inside network :<br />pix-jtpd(config)# nat (inside) 1 chat-subs 255.255.255.0<br />pix-jtpd(config)# nat (inside) 1 192.168.78.184 255.255.255.252<br /><br />global network :<br />global (outside) 1 192.168.78.188 netmask 255.255.255.255<br /><br />NOTE : must configure route from PE to global (outside)<br /><br />d. Veryfiy nat is working :<br /><br />pix-jtpd# sh xlate<br />94 in use, 3299 most used<br />PAT Global 192.168.78.188(1095) Local 192.168.32.30(2182)<br />PAT Global 192.168.78.188(1053) Local 192.168.32.30(59266)<br />PAT Global 192.168.78.188(1052) Local 192.168.32.30(65524)<br />PAT Global 192.168.78.188(1051) Local 192.168.32.30(50954)<br /><br />7. Making Rule / Access-list<br /><br />Setting ACL :<br /><br />pix-jtpd(config)# access-list acl_grp extended permit icmp any any<br />pix-jtpd(config)# access-list acl_grp extended permit tcp any any<br />pix-jtpd(config)# access-list acl_grp extended permit ip any any<br /><br />Apply to the interface :<br /><br />pix-jtpd(config)# access-group acl_grp in interface outside<br />pix-jtpd(config)# access-group acl_grp in interface inside<br /><br />Have a good try :D<br /></span>0Dhcp Fixed Addresshttp://ccieobsessed.blogspot.com/2009/07/dhcp-fixed-address.htmldhcpfixed addressubuntunoreply@blogger.com (Ahmad Fadly Abbas)Tue, 28 Jul 2009 08:18:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-3481416717167222880<span style=";font-family:trebuchet ms;font-size:100%;" >Some hosts will required fixed ip address, such as : web server, printer etc. Host which require fixed ip address need to be mapped with its mac-address. This is sample configuration of dhcp server :<br /><br />root@fadly-desktop:~# vi /etc/dhcp3/dhcpd.conf<br /><br />host fadly {<br />hardware ethernet 00:90:F5:5D:6D:BC;<br />fixed-address 192.168.78.206;<br />}<br /><br />subnet 192.168.78.204 netmask 255.255.255.252 {<br />option broadcast-address 192.168.78.207;<br />option routers 192.168.78.205;<br />option subnet-mask 255.255.255.252;<br />}<br /><br />option domain-name 202.155.0.10;</span>0Cisco - Linux Dhcp-relay settinghttp://ccieobsessed.blogspot.com/2009/07/cisco-linux-dhcp-relay-setting.htmldhcp-relaylinux dhcpnoreply@blogger.com (Ahmad Fadly Abbas)Fri, 17 Jul 2009 11:14:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-1645555744158960272<span style=";font-family:trebuchet ms;font-size:100%;" >This is the configuration of router as dhcp-relay and linux as dhcp server</span><br /><br /><span style="font-weight: bold;font-family:trebuchet ms;font-size:100%;" >Diagram :</span><span style=";font-family:trebuchet ms;font-size:100%;" ><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5Ts2XcpsJ4IiB9MeocpjQmw21wNiKv7kq8hTUqfqJO4ujZQXo5iQEdgmhHeYlQ6B-86IGDDH2NoHY1sYjXb4TzhuJINF5RTflM0z14ZXvwumjuBFl39xqN4v5NAwmWHFCu41Wc1gv5sQ/s1600-h/dchp+relay+ubuntu+server.JPG"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 161px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5Ts2XcpsJ4IiB9MeocpjQmw21wNiKv7kq8hTUqfqJO4ujZQXo5iQEdgmhHeYlQ6B-86IGDDH2NoHY1sYjXb4TzhuJINF5RTflM0z14ZXvwumjuBFl39xqN4v5NAwmWHFCu41Wc1gv5sQ/s400/dchp+relay+ubuntu+server.JPG" alt="" id="BLOGGER_PHOTO_ID_5369787702630440402" border="0" /></a><br /><span style=";font-family:trebuchet ms;font-size:100%;" >----------------------------------------------------------------------------------------------------------------------------------------<br /><br />1. Interface configuration :<br /><br />!<br />interface GigabitEthernet0/0.11<br />description ### Test Internet ###<br />encapsulation dot1Q 11<br />ip dhcp relay information trusted<br />ip dhcp relay information option vpn-id none<br />ip vrf forwarding vpn_internet<br />ip address 192.168.78.201 255.255.255.252<br />ip helper-address 192.168.78.198<br />end<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />Config note :<br /><br /></span><span style="font-weight: bold;font-family:trebuchet ms;font-size:100%;" class="content" ><span class="cBold">ip dhcp relay information trusted</span></span><span style=";font-family:trebuchet ms;font-size:100%;" ><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" class="content" > <a name="wp1012807"></a><p class="pB1_Body1"> Usage Guidelines</p><p class="pB1_Body1">By default, if the gateway address is set to all zeros in the DHCP packet and the relay information option is already present in the packet, the Cisco IOS DHCP relay agent will discard the packet. If the <b class="cBold">ip dhcp relay information trusted </b>command is configured on an interface, the Cisco IOS DHCP relay agent will not discard the packet even if the gateway address is set to all zeros. Instead, the received DHCPDISCOVER or DHCPREQUEST messages will be forwarded to the addresses configured by the <b class="cCN_CmdName">ip helper-address</b> command as in normal DHCP relay operation. </p></span><span style=";font-family:trebuchet ms;font-size:100%;" ><span style="font-weight: bold;"><br />ip dhcp relay information option vpn-id</span><br /><br /><span class="content">To enable the system to insert VPN suboptions into the DHCP relay agent information option in forwarded BOOTREQUEST messages to a DHCP server and set the gateway address to the outgoing interface toward the DHCP server, use the <b class="cCN_CmdName">ip dhcp relay information option vpn-id </b>command in interface configuration mode. To remove the configuration, use the <b class="cBold">no</b> form of this command. </span></span><span style=";font-family:trebuchet ms;font-size:100%;" ><br /><br />refference : http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_dhc2.html#wp1012293<br /></span><span style=";font-family:trebuchet ms;font-size:100%;" ><br />2. Edit dhcp configuration :<br /><br />root@desktop:# vi /etc/dhcp3/dhcpd.conf<br /><br />ddns-update-style none;<br /><br />default-lease-time 600;<br />max-lease-time 7200;<br /><br />#authoritative;<br /><br />log-facility local7;<br /><br />option subnet-mask 255.255.255.252;<br />option broadcast-address 192.168.78.203;<br />option routers 192.168.78.201;<br /><br />subnet 192.168.78.200 netmask 255.255.255.252 {<br />range 192.168.78.202;<br />}<br /><br /><br />3. Checking log :<br /><br />Jul 15 18:17:22 -desktop dhcpd: DHCPDISCOVER from 00:0a:e4:36:03:a0 via 192.168.78.201<br />Jul 15 18:17:23 -desktop dhcpd: DHCPOFFER on 192.168.78.202 to 00:0a:e4:36:03:a0 (LENOVO-2EB43090) via 192.168.78.201<br />Jul 15 18:17:23 -desktop dhcpd: DHCPREQUEST for 192.168.78.202 (192.168.78.198) from 00:0a:e4:36:03:a0 (LENOVO-2EB43090) via 192.168.78.201<br />Jul 15 18:17:23 -desktop dhcpd: DHCPACK on 192.168.78.202 to 00:0a:e4:36:03:a0 (LENOVO-2EB43090) via 192.168.78.201<br />Jul 15 18:17:25 -desktop dhcpd: DHCPREQUEST for 192.168.78.202 from 00:0a:e4:36:03:a0 (LENOVO-2EB43090) via eth1<br />Jul 15 18:17:25 -desktop dhcpd: DHCPACK on 192.168.78.202 to 00:0a:e4:36:03:a0 (LENOVO-2EB43090) via eth1<br /><br />Have a good try.. :)<br /></span>0Dynamips Dynagen Tutorialhttp://ccieobsessed.blogspot.com/2009/07/dynamips-dynagen-tutorial.htmlbasic dynamipscisco router simulatordynagendynamipsnoreply@blogger.com (Ahmad Fadly Abbas)Wed, 15 Jul 2009 09:44:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-8595295301550871347<span style=";font-family:trebuchet ms;font-size:100%;" >(First ): Download dynagen at http://dynagen.org<br /><br />Go to download menu, you will be redirected to http://sourceforge.net<br />Go to Dynagen source / Linux : click dynagen-0.11.0.tar.gz<br />Point your mouse to use direct link, right click then copy link location, http://downloads.sourceforge.net/sourceforge/dyna-gen/dynagen-0.11.0.tar.gz?use_mirror=nchc<br /><br /> Download from Linux terminal :<br />root@desktop:~# wget http://downloads.sourceforge.net/sourceforge/dyna-gen/dynagen-0.11.0.tar.gz?use_mirror=nchc<br /><br /><br />(Second) : Create directory &amp; extract tarball<br /><br />Create Directory : root@desktop:~# mkdir /home/dynamips<br />Move source file to dynamips folder : root@desktop:~# mv dynagen-0.11.0.tar.gz /home/dynamips<br />Extract tarball : root@desktop:~# tar zxvf dynagen-0.11.0.tar.gz<br />Go to folder : root@desktop:~# cd /home/dynamips/dynagen-0.11.0<br />Check README file :root@desktop:/home/dynamips/dynagen-0.11.0#more README.txt<br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br /> This version of Dynagen requires at least version 0.2.8-RC1 of Dynamips<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />(Third) : Download dynamips that is match to dynagen requirement<br /><br />Go to http://www.ipflow.utc.fr/blog/<br />point your mouse to this link 0.2.8-RC2 binary for Linux x86 platforms, right click and copy link location<br />http://www.ipflow.utc.fr/dynamips/dynamips-0.2.8-RC2-x86.bin<br /><br />Download from Linux terminal :<br />root@desktop:/home/dynamips/dynagen-0.11.0# wget http://www.ipflow.utc.fr/dynamips/dynamips-0.2.8-RC2-x86.bin<br /><br />Change privilege :<br />root@desktop:/home/dynamips/dynagen-0.11.0# chmod 777 dynamips-0.2.8-RC2-x86.bin<br /><br /><br />(Fourth) : Create Symlink (Symbolic link)<br />Go to folder : cd /usr/bin<br />symlink using alias for dynamips program : /usr/bin# ln -s /home/dynamips/dynagen-0.11.0/dynamips-0.2.8-RC2-x86.bin dynamips<br /> symlink using alias for dynagen program : /usr/bin# ln -s /home/dynamips/dynagen-0.11.0/dynagen dynagen<br /><br /><br />(Fifth) : Download, Extract &amp; Copy IOS image<br />Download IOS (I will not tell you how to get the IOS)<br />extract the IOS to make router boot up faster than ziped IOS<br />Create directory to store IOS :<br />root@desktop:/home/dynamips/dynagen-0.11.0# mkdir Images<br />navigate to folder : cd Images<br />copy IOS file : cp /home/C7200-K9.BIN C7200-K9.BIN<br /><br />(Sixth) : Running Sample Lab<br />Go to sample labs .net file : root@desktop: cd /home/dynamips/dynagen-0.11.0/sample_labs/simple1#<br />Edit simple1.net : vi sample1.net<br />----------------------------------------------------------------------------------------------------------------------------------------<br />[localhost]<br /><br /> [[7200]]<br /> # image = \Program Files\Dynamips\images\c7200-jk9o3s-mz.124-7a.image<br /> # On Linux / Unix use forward slashes:<br /> image = /home/dynamips/dynagen-0.11.0/Images/C7200-K9.BIN<br /> npe = npe-400<br /> ram = 160<br /><br /> [[ROUTER R1]]<br /> s1/0 = R2 s1/0<br /><br /> [[router R2]]<br /> # No need to specify an adapter here, it is taken care of<br /> # by the interface specification under Router R1<br /><br /><br /># R1 s1/0 ----- R2 s1/0<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />(Seventh) : Run dynamips instance 7200 in background (&amp;)<br /><br />root@desktop:/home/dynamips/dynagen-0.11.0/sample_labs/simple1# dynamips -H 7200 &amp;<br />[1] 7267<br />root@desktop:/home/dynamips/dynagen-0.11.0/sample_labs/simple1# Cisco Router Simulation Platform (version 0.2.8-RC2-x86)<br />Copyright (c) 2005-2007 Christophe Fillot.<br />Build date: Oct 2 2008 01:17:18<br /><br />ILT: loaded table "mips64j" from cache.<br />ILT: loaded table "mips64e" from cache.<br />ILT: loaded table "ppc32j" from cache.<br />ILT: loaded table "ppc32e" from cache.<br />Hypervisor TCP control server started (port 7200).<br /><br /><br />(Eighth) : Run Dynagen simple1.net<br />root@desktop:/home/dynamips/dynagen-0.11.0/sample_labs/simple1#dynagen simple1.net<br /><br />Dynagen management console for Dynamips and Pemuwrapper 0.11.0<br />Copyright (c) 2005-2007 Greg Anuzelli, contributions Pavel Skovajsa<br /><br />=> list<br />Name Type State Server Console<br />R1 7200 running localhost:7200 2000<br />R2 7200 running localhost:7200 2001<br />=><br /><br />(Ninth) : Access / Telnet R1 &amp; R2<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br />root@desktop:~# telnet localhost 2000<br />Trying 127.0.0.1...<br />Connected to localhost.<br />Escape character is '^]'.<br />Connected to Dynamips VM "R1" (ID 0, type c7200) - Console port<br /><br />Router#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />Router(config)#hostname R1<br />R1(config)#int serial 1/0<br />R1(config-if)#no shutdown<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />root@desktop:~# telnet localhost 2001<br />Trying 127.0.0.1...<br />Connected to localhost.<br />Escape character is '^]'.<br />Connected to Dynamips VM "R2" (ID 1, type c7200) - Console port<br /><br />Router#conf t<br />Enter configuration commands, one per line. End with CNTL/Z.<br />Router(config)#hostname R2<br />R2(config)#int serial 1/0<br />R2(config-if)#no shutdown<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />R1#sh cdp neighbors<br />Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge<br /> S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone<br /><br />Device ID Local Intrfce Holdtme Capability Platform Port ID<br />R2 Ser 1/0 </span><span style=";font-family:trebuchet ms;font-size:100%;" >15 R 7206VXR Ser 1/0</span><span style="font-size:100%;"><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" ><br />----------------------------------------------------------------------------------------------------------------------------------------<br /><br />R2#sh cdp nei<br />Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge<br /> S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone<br /><br />Device ID Local Intrfce Holdtme Capability Platform Port ID<br />R1 Ser 1/0 158 R 7206VXR Ser 1/0<br /><br />----------------------------------------------------------------------------------------------------------------------------------------<br />Set ip address :<br /><br />R1(config)#int ser 1/0<br />R1(config-if)#ip add 10.1.0.1 255.255.255.0<br /><br />R2(config)#int ser 1/0<br />R2(config-if)#ip add 10.1.0.2 255.255.255.0<br />R2(config-if)#<br /><br />Ping : R1 to R2<br /><br />R1#ping 10.1.0.1<br /><br />Type escape sequence to abort.<br />Sending 5, 100-byte ICMP Echos to 10.1.0.2, timeout is 2 seconds:<br />!!!!!<br />Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms<br /><br />(Tenth) : Turn off the router, Stop dynagen and dynamips<br /><br />Turn off the router :<br /><br />=><br />=> stop R1<br />C7200 'R1': stopping simulation.<br />100-VM 'R1' stopped<br />=> stop R2<br />100-VM 'R2' stopped<br />C7200 'R2': stopping simulation.<br />=><br /><br />Stop Dynagen simple1.net<br /><br />Exit dynagen :<br />=> exit<br />Exiting...<br />Shutdown in progress...<br />Shutdown completed<br /><br />Stop dynamips :<br /><br />root@desktop:/home/dynamips/dynagen-0.11.0/sample_labs/simple1# ps -ax |grep dynamips<br />Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html<br />7267 pts/0 Sl 39:08 dynamips -H 7200<br />7699 pts/0 R+ 0:00 grep dynamips<br /><br />root@desktop:/home/dynamips/dynagen-0.11.0/sample_labs/simple1# kill -9 7267<br /><br /><br />To optimize your pc, you have to set the idle-pc. idle-pc depend on IOS, to get the value use this step :<br /><br />=> idlepc get R1<br />Please wait while gathering statistics...<br /><br />Please wait while gathering statistics...<br />Done. Suggested idling PC:<br />0x608c5bc8 (count=48)<br /> 0x608c5bcc (count=35)<br /> 0x608463cc (count=59)<br />0x60847050 (count=71)<br />Restart the emulator with "--idle-pc=0x608c5bc8" (for example)<br /> 1: 0x608c5bc8 [48]<br /> 2: 0x608c5bcc [35]<br />* 3: 0x608463cc [59]<br /> 4: 0x60847050 [71]<br /><br /><br />Edit simple1.net : vi sample1.net<br /><br /><br />[localhost]<br /><br /> [[7200]]<br /> # image = \Program Files\Dynamips\images\c7200-jk9o3s-mz.124-7a.image<br /> # On Linux / Unix use forward slashes:<br /> image = /home/dynamips/dynagen-0.11.0/Images/C7200-K9.BIN<br /> npe = npe-400<br /> ram = 160<br />idlepc = 0x608463cc<br /><br />Save file<br /><br />simple1#dynagen simple1.net<br /><br />=> idlepc show R1<br />R1 has an idlepc value of: 0x608463cc<br />=> idlepc show R2<br />R2 has an idlepc value of: 0x608463cc<br />=><br /><br /> Have a good try ;)<br /><br />here is the usefull link to try dynamips and dynagen from iementor<br /><a href="http://www.iementor.com/Introduction_to_Dynamips.pdf">http://www.iementor.com/Introduction_to_Dynamips.pdf</a><br /></span>0Nas port equal to Zero (Nas-port = 0)http://ccieobsessed.blogspot.com/2009/04/nas-port-equal-to-zero-nas-port-0.htmlNas-Portnoreply@blogger.com (Ahmad Fadly Abbas)Mon, 13 Apr 2009 16:41:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-470230965674456482<span style=";font-family:trebuchet ms;font-size:100%;" class="content" ><p class="pB1_Body1">Nas-Port is one of the radius attribute that can be used for identifying user both of in the Router or in the radius server.<br /></p><p class="pB1_Body1">I'm using IOS SB and 7200 VXR for the router, it can be configured to send Nas-Port attribute or not. If you don't want to send it, you just configure the router like this :</p><p class="pB1_Body1"> <br /></p><p class="pB1_Body1">Diagram : PC ----L3 ISG ----- INTERNET<br /></p><p class="pB1_Body1"> |---- PORTAL </p><p class="pB1_Body1"> |---- RADIUS<br /></p><p class="pB1_Body1">----------------------------------------------------------------------------------------------------------------- <br /></p><p class="pB1_Body1">Configuration :<br /></p><p class="pB1_Body1">ISG-L4R(config)#aaa group server radius AAA<br />ISG-L4R(config-sg-radius)#attribute nas-port ?<br />format Set the format of the NAS-Port attribute<br /><span style="font-weight: bold;">none Don't send nas-port attribute</span><cr><br />ISG-L4R(config-sg-radius)#attribute nas-port none<br /></cr></p><p class="pB1_Body1">The debug result will be like this :</p><p class="pB1_Body1">(1). User login from Website :<br /></p>006675: Apr 13 14:52:44 WIB: RADIUS: COA received from id 105 20.0.92.156:32775, CoA Request, len 93<br />006676: Apr 13 14:52:44 WIB: RADIUS/DECODE: VSA external len != internal + VSA hdr<br /><br />(2). Nas-port is being disable :<br /><br />006677: Apr 13 14:52:44 WIB: RADIUS/ENCODE(00000D42):Orig. component type = IEDGE_IP_SIP<br /><span style="font-weight: bold;">006678: Apr 13 14:52:44 WIB: RADIUS/ENCODE: </span><span style="font-weight: bold;">NAS PORT sending disabled</span><br />006679: Apr 13 14:52:44 WIB: RADIUS(00000D42): Config NAS IP: 10.0.4.101<br />006680: Apr 13 14:52:44 WIB: RADIUS/ENCODE(00000D42): acct_session_id: 3447<br />006681: Apr 13 14:52:44 WIB: RADIUS(00000D42): Config NAS IP: 10.0.4.101<br /><br />(3). Login Request to Radius :<br /><br />006682: Apr 13 14:52:44 WIB: RADIUS(00000D42): sending<br />006683: Apr 13 14:52:44 WIB: RADIUS(00000D42): Send Access-Request to 10.0.100.29:1645 id 1645/150, len 109<br />006684: Apr 13 14:52:44 WIB: RADIUS: authenticator C0 6E 4D 8F 2E 5B 9B 17 - 89 90 06 DE 9F C4 CB B2<br />006685: Apr 13 14:52:44 WIB: RADIUS: Framed-IP-Address [8] 6 30.0.74.1 <br />006686: Apr 13 14:52:44 WIB: RADIUS: User-Name [1] 11 "pedi128k"<br />006687: Apr 13 14:52:44 WIB: RADIUS: User-Password [2] 18 *<br />006688: Apr 13 14:52:44 WIB: RADIUS: NAS-Port-Type [61] 6 Virtual [5]<br />006689: Apr 13 14:52:44 WIB: RADIUS: NAS-Port-Id [87] 11 "0/0/3/806"<br />006690: Apr 13 14:52:44 WIB: RADIUS: Service-Type [6] 6 Login [1]<br />006691: Apr 13 14:52:44 WIB: RADIUS: NAS-IP-Address [4] 6 10.0.4.101 <br />006692: Apr 13 14:52:44 WIB: RADIUS: Acct-Session-Id [44] 10 "00000D77"<br />006693: Apr 13 14:52:44 WIB: RADIUS: Nas-Identifier [32] 9 "ISG-L4R"<br />006694: Apr 13 14:52:44 WIB: RADIUS: Event-Timestamp [55] 6 1239609164 <br /><br />(4). Received response from Radius :<br /><br />006695: Apr 13 14:52:45 WIB: RADIUS: Received from id 1645/150 10.0.100.29:1645, Access-Accept, len 94<br />006696: Apr 13 14:52:45 WIB: RADIUS: authenticator 28 0C 18 47 8A E5 4E 9C - 45 7F B6 21 70 E0 A3 F0<br />006697: Apr 13 14:52:45 WIB: RADIUS: Class [25] 50<br />006698: Apr 13 14:52:45 WIB: RADIUS: 53 42 52 2D 43 4C 20 44 4E 3D 22 63 61 62 6C 65 [SBR-CL DN="pedi]<br />006699: Apr 13 14:52:45 WIB: RADIUS: 31 32 38 6B 22 20 41 54 3D 22 32 30 30 22 20 55 [128k" AT="200" U]<br />006700: Apr 13 14:52:45 WIB: RADIUS: 53 3D 22 22 20 53 49 3D 22 32 31 35 32 32 22 00 [ S="" SI="21522"]<br />006701: Apr 13 14:52:45 WIB: RADIUS: Vendor, Unknown [26] 12<br />006702: Apr 13 14:52:45 WIB: RADIUS: Unsupported [2] 6<br />006703: Apr 13 14:52:45 WIB: RADIUS: 00 00 00 01<br />006704: Apr 13 14:52:45 WIB: RADIUS: Session-Timeout [27] 6 86400 <br />006705: Apr 13 14:52:45 WIB: RADIUS: Idle-Timeout [28] 6 300 <br />006706: Apr 13 14:52:45 WIB: RADIUS(00000D42): Received from id 1645/150<br />006707: Apr 13 14:52:45 WIB: RADIUS/ENCODE(00000D42):Orig. component type = IEDGE_IP_SIP<br />006708: Apr 13 14:52:45 WIB: RADIUS: AAA Unsupported Attr: timeout [371] 4 86400<br />006709: Apr 13 14:52:45 WIB: RADIUS: AAA Unsupported Attr: idletime [123] 4 300<br /><br />(6). Ack response to Portal :<br /><br />006710: Apr 13 14:52:45 WIB: RADIUS(00000D42): sending<br />006711: Apr 13 14:52:45 WIB: RADIUS(00000D42): Send CoA Ack Response to 20.0.92.156:32775 id 105, len 70<br />006712: Apr 13 14:52:45 WIB: RADIUS: authenticator 55 36 45 5F 9E 23 1E 37 - 0E 07 E7 29 2B FD 0B 16<br />006713: Apr 13 14:52:45 WIB: RADIUS: Vendor, Cisco [26] 18<br />006714: Apr 13 14:52:45 WIB: RADIUS: ssg-command-code [252] 12<br />006715: Apr 13 14:52:45 WIB: RADIUS: 01 63 61 62 6C 65 31 32 38 6B [Account-Log-On pedi128k]<br />006716: Apr 13 14:52:45 WIB: RADIUS: Vendor, Cisco [26] 20<br />006717: Apr 13 14:52:45 WIB: RADIUS: ssg-account-info [250] 14 "S30.0.74.1"<br />006718: Apr 13 14:52:45 WIB: RADIUS: Session-Timeout [27] 6 86400 <br />006719: Apr 13 14:52:45 WIB: RADIUS: Idle-Timeout [28] 6 300 <br />006720: Apr 13 14:52:45 WIB: RADIUS/ENCODE(00000D42):Orig. component type = IEDGE_IP_SIP<br />006721: Apr 13 14:52:45 WIB: RADIUS/ENCODE: NAS PORT sending disabled<br />006722: Apr 13 14:52:45 WIB: RADIUS(00000D42): Config NAS IP: 10.0.4.101<br />006723: Apr 13 14:52:45 WIB: RADIUS(00000D42): Config NAS IP: 10.0.4.101<br /><br />(7). Sending Accounting Request :<br /><br />006724: Apr 13 14:52:45 WIB: RADIUS(00000D42): sending<br />006725: Apr 13 14:52:45 WIB: RADIUS(00000D42): Send Accounting-Request to 10.0.100.29:1646 id 1646/64, len 206<br />006726: Apr 13 14:52:45 WIB: RADIUS: authenticator D4 A8 64 DC B7 6B 89 1B - C9 D8 3B AF 45 53 03 0D<br />006727: Apr 13 14:52:45 WIB: RADIUS: Acct-Session-Id [44] 10 "00000D79"<br />006728: Apr 13 14:52:45 WIB: RADIUS: Framed-Protocol [7] 6 PPP [1]<br />006729: Apr 13 14:52:45 WIB: RADIUS: Vendor, Cisco [26] 13<br />006730: Apr 13 14:52:45 WIB: RADIUS: ssg-service-info [251] 7 "NINET"<br />006731: Apr 13 14:52:45 WIB: RADIUS: Vendor, Cisco [26] 34<br />006732: Apr 13 14:52:45 WIB: RADIUS: Cisco AVpair [1] 28 "parent-session-id=00000D77"<br />006733: Apr 13 14:52:45 WIB: RADIUS: User-Name [1] 11 "pedi128k"<br />006734: Apr 13 14:52:45 WIB: RADIUS: Acct-Status-Type [40] 6 Start [1]<br />006735: Apr 13 14:52:45 WIB: RADIUS: Framed-IP-Address [8] 6 30.0.74.1 <br />006736: Apr 13 14:52:45 WIB: RADIUS: NAS-Port-Type [61] 6 Virtual [5]<br />006737: Apr 13 14:52:45 WIB: RADIUS: NAS-Port-Id [87] 11 "0/0/3/806"<br />006738: Apr 13 14:52:45 WIB: RADIUS: Class [25] 50<br />006739: Apr 13 14:52:45 WIB: RADIUS: 53 42 52 2D 43 4C 20 44 4E 3D 22 63 61 62 6C 65 [SBR-CL DN="pedi]<br />006740: Apr 13 14:52:45 WIB: RADIUS: 31 32 38 6B 22 20 41 54 3D 22 32 30 30 22 20 55 [128k" AT="200" U]<br />006741: Apr 13 14:52:45 WIB: RADIUS: 53 3D 22 22 20 53 49 3D 22 32 31 35 32 32 22 00 [ S="" SI="21522"]<br />006742: Apr 13 14:52:45 WIB: RADIUS: Service-Type [6] 6 Framed [2]<br />006743: Apr 13 14:52:45 WIB: RADIUS: NAS-IP-Address [4] 6 10.0.4.101 <br />006744: Apr 13 14:52:45 WIB: RADIUS: Event-Timestamp [55] 6 1239609165 <br />006745: Apr 13 14:52:45 WIB: RADIUS: Nas-Identifier [32] 9 "ISG-L4R"<br />006746: Apr 13 14:52:45 WIB: RADIUS: Acct-Delay-Time [41] 6 0 <br /><br />(8). Received accounting response from Radius :<br /><br />006747: Apr 13 14:52:45 WIB: RADIUS: Received from id 1646/64 10.0.100.29:1646, Accounting-response, len 20<br /><br />In the above debug output you can see that there are no Nas-Port send in the user authentication and accounting. It because Nas-Port sending is being disabled.<br /><br />-----------------------------------------------------------------------------------------------------------------<br />In this topology I use ip routed session scenario, in this scenario we can see Router (ISG) is sending the <span style="font-style: italic; font-weight: bold;">Nas-Port value equal to zero</span>.<br /><br /></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">Here is the sample debug of nas port equal to zero :</span><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" class="content" ><p class="pB1_Body1">(1). Sending Authentication request to Radius :<br /></p><p class="pB1_Body1">001672: Apr 13 12:33:27 WIB: RADIUS(00000A4B): Send Access-Request to 10.0.100.29:1645 id 1645/60, len 116<br />001673: Apr 13 12:33:27 WIB: RADIUS: authenticator 0A 4D 6D A0 9A 89 A0 E8 - 2D 70 65 89 25 90 2F 3A<br />001674: Apr 13 12:33:27 WIB: RADIUS: Framed-IP-Address [8] 6 30.0.74.1 <br />001675: Apr 13 12:33:27 WIB: RADIUS: User-Name [1] 12 "pedi1024k"<br />001676: Apr 13 12:33:27 WIB: RADIUS: User-Password [2] 18 *<br />001677: Apr 13 12:33:27 WIB: RADIUS: NAS-Port-Type [61] 6 Virtual [5]<br /><span style="font-weight: bold;">001678: Apr 13 12:33:27 WIB: RADIUS: </span><span style="font-weight: bold;">NAS-Port [5] 6 0 </span> <br />001679: Apr 13 12:33:27 WIB: RADIUS: NAS-Port-Id [87] 11 "0/0/3/806"<br />001680: Apr 13 12:33:27 WIB: RADIUS: Service-Type [6] 6 Login [1]<br />001681: Apr 13 12:33:27 WIB: RADIUS: NAS-IP-Address [4] 6 10.0.4.101 <br />001682: Apr 13 12:33:27 WIB: RADIUS: Acct-Session-Id [44] 10 "00000A4B"<br />001683: Apr 13 12:33:27 WIB: RADIUS: Nas-Identifier [32] 9 "ISG-L4R"<br />001684: Apr 13 12:33:27 WIB: RADIUS: Event-Timestamp [55] 6 1239600807 <br /></p><p class="pB1_Body1">(2). Received Authentication Response from Radius :</p><p class="pB1_Body1">001685: Apr 13 12:33:27 WIB: RADIUS: Received from id 1645/60 10.0.100.29:1645, Access-Accept, len 95<br />001686: Apr 13 12:33:27 WIB: RADIUS: authenticator 95 38 A5 67 3E 35 7A B2 - 50 AE 7B F8 2B 0B B3 64<br />001687: Apr 13 12:33:27 WIB: RADIUS: Class [25] 51<br />001688: Apr 13 12:33:27 WIB: RADIUS: 53 42 52 2D 43 4C 20 44 4E 3D 22 63 61 62 6C 65 [SBR-CL DN="pedi]<br />001689: Apr 13 12:33:27 WIB: RADIUS: 31 30 32 34 6B 22 20 41 54 3D 22 32 30 30 22 20 [1024k" AT="200" ]<br />001690: Apr 13 12:33:27 WIB: RADIUS: 55 53 3D 22 22 20 53 49 3D 22 32 31 34 38 32 22 [US="" SI="21482"]<br />001691: Apr 13 12:33:27 WIB: RADIUS: 00<br />001692: Apr 13 12:33:27 WIB: RADIUS: Vendor, Unknown [26] 12<br />001693: Apr 13 12:33:27 WIB: RADIUS: Unsupported [2] 6<br />001694: Apr 13 12:33:27 WIB: RADIUS: 00 00 00 01<br />001695: Apr 13 12:33:27 WIB: RADIUS: Session-Timeout [27] 6 86400 <br />001696: Apr 13 12:33:27 WIB: RADIUS: Idle-Timeout [28] 6 300 <br />001697: Apr 13 12:33:27 WIB: RADIUS(00000A4B): Received from id 1645/60<br />001698: Apr 13 12:33:27 WIB: RADIUS/ENCODE(00000A4B):Orig. component type = IEDGE_IP_SIP<br />001699: Apr 13 12:33:27 WIB: RADIUS: AAA Unsupported Attr: timeout [371] 4 86400<br />001700: Apr 13 12:33:27 WIB: RADIUS: AAA Unsupported Attr: idletime [123] 4 300<br /></p><p class="pB1_Body1">(3) Sending Ack response to portal :<br /></p><p class="pB1_Body1">001701: Apr 13 12:33:27 WIB: RADIUS(00000A4B): sending<br />001702: Apr 13 12:33:27 WIB: RADIUS(00000A4B): Send CoA Ack Response to 20.0.92.156:32775 id 44, len 71<br />001703: Apr 13 12:33:27 WIB: RADIUS: authenticator 67 B9 4E 33 4C D6 D9 B3 - 7B D4 95 75 6B AF F0 95<br />001704: Apr 13 12:33:27 WIB: RADIUS: Vendor, Cisco [26] 19<br />001705: Apr 13 12:33:27 WIB: RADIUS: ssg-command-code [252] 13<br />001706: Apr 13 12:33:27 WIB: RADIUS: 01 63 61 62 6C 65 31 30 32 34 6B [Account-Log-On cable1024k]<br />001707: Apr 13 12:33:27 WIB: RADIUS: Vendor, Cisco [26] 20<br />001708: Apr 13 12:33:27 WIB: RADIUS: ssg-account-info [250] 14 "S30.0.74.1"<br />001709: Apr 13 12:33:27 WIB: RADIUS: Session-Timeout [27] 6 86400 <br />001710: Apr 13 12:33:27 WIB: RADIUS: Idle-Timeout [28] 6 300 <br />001711: Apr 13 12:33:27 WIB: RADIUS/ENCODE(00000A4B):Orig. component type = IEDGE_IP_SIP<br />001712: Apr 13 12:33:27 WIB: RADIUS(00000A4B): Config NAS IP: 10.0.4.101<br />001713: Apr 13 12:33:27 WIB: RADIUS(00000A4B): Config NAS IP: 10.0.4.101<br /></p><p class="pB1_Body1"><br /></p><p class="pB1_Body1">(4). Sending Accounting request to Radius :</p><p class="pB1_Body1">001714: Apr 13 12:33:27 WIB: RADIUS(00000A4B): sending<br />001715: Apr 13 12:33:27 WIB: RADIUS(00000A4B): Send Accounting-Request to 10.0.100.29:1646 id 1646/11, len 214<br />001716: Apr 13 12:33:27 WIB: RADIUS: authenticator 2C 90 A8 7A 46 99 3C 70 - BE 6D F7 25 21 19 4F C9<br />001717: Apr 13 12:33:27 WIB: RADIUS: Acct-Session-Id [44] 10 "00000A4F"<br />001718: Apr 13 12:33:27 WIB: RADIUS: Framed-Protocol [7] 6 PPP [1]<br />001719: Apr 13 12:33:27 WIB: RADIUS: Vendor, Cisco [26] 13<br />001720: Apr 13 12:33:27 WIB: RADIUS: ssg-service-info [251] 7 "NINET"<br />001721: Apr 13 12:33:27 WIB: RADIUS: Vendor, Cisco [26] 34<br />001722: Apr 13 12:33:27 WIB: RADIUS: Cisco AVpair [1] 28 "parent-session-id=00000A4B"<br />001723: Apr 13 12:33:27 WIB: RADIUS: User-Name [1] 12 "pedi1024k"<br />001724: Apr 13 12:33:27 WIB: RADIUS: Acct-Status-Type [40] 6 Start [1]<br />001725: Apr 13 12:33:27 WIB: RADIUS: Framed-IP-Address [8] 6 30.0.74.1 <br />001726: Apr 13 12:33:27 WIB: RADIUS: NAS-Port-Type [61] 6 Virtual [5]<br /><span style="font-weight: bold;">001727: Apr 13 12:33:27 WIB: RADIUS: </span><span style="font-weight: bold;">NAS-Port [5] 6 0 </span> <br />001728: Apr 13 12:33:27 WIB: RADIUS: NAS-Port-Id [87] 11 "0/0/3/806"<br />001729: Apr 13 12:33:27 WIB: RADIUS: Class [25] 51<br />001730: Apr 13 12:33:27 WIB: RADIUS: 53 42 52 2D 43 4C 20 44 4E 3D 22 63 61 62 6C 65 [SBR-CL DN="pedi]<br />001731: Apr 13 12:33:27 WIB: RADIUS: 31 30 32 34 6B 22 20 41 54 3D 22 32 30 30 22 20 [1024k" AT="200" ]<br />001732: Apr 13 12:33:27 WIB: RADIUS: 55 53 3D 22 22 20 53 49 3D 22 32 31 34 38 32 22 [US="" SI="21482"]<br />001733: Apr 13 12:33:27 WIB: RADIUS: 00<br />001734: Apr 13 12:33:27 WIB: RADIUS: Service-Type [6] 6 Framed [2]<br />001735: Apr 13 12:33:27 WIB: RADIUS: NAS-IP-Address [4] 6 10.0.4.101 <br />001736: Apr 13 12:33:27 WIB: RADIUS: Event-Timestamp [55] 6 1239600807 <br />001737: Apr 13 12:33:27 WIB: RADIUS: Nas-Identifier [32] 9 "ISG-L4R"<br />001738: Apr 13 12:33:27 WIB: RADIUS: Acct-Delay-Time [41] 6 0 <br /></p><p class="pB1_Body1"><br /></p><p class="pB1_Body1">(4). Received Accounting Response from Radius :<br /></p><p class="pB1_Body1">001739: Apr 13 12:33:28 WIB: RADIUS: Received from id 1646/11 10.0.100.29:1646, Accounting-response, len 20<br /></p><p class="pB1_Body1">-----------------------------------------------------------------------------------------------------------------<br /></p><p class="pB1_Body1">And if you want to make nas-port not equal to zero, you can use extended Nas-port support.</p><p class="pB1_Body1">Configuration :<br /></p></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;">aaa group server radius AAA</span><br /><span style="font-family:trebuchet ms;">server 10.0.100.29 auth-port 1645 acct-port 1646</span><br /><span style="font-family:trebuchet ms;">ip radius source-interface GigabitEthernet0/3.806</span><br /><span style="font-family:trebuchet ms;">attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU</span><br /><span style="font-family:trebuchet ms;">deadtime 10</span><br /><br /><span style="font-family:trebuchet ms;">and the result will be like this :</span><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" ><br />(1). User login at portal :<br /><br />007259: Apr 13 15:07:39 WIB: RADIUS: COA received from id 122 20.0.92.156:32775, CoA Request, len 95<br />007260: Apr 13 15:07:39 WIB: RADIUS/DECODE: VSA external len != internal + VSA hdr<br />007261: Apr 13 15:07:39 WIB: RADIUS/ENCODE(00000D81):Orig. component type = IEDGE_IP_SIP<br /><span style="font-weight: bold;">007262: Apr 13 15:07:39 WIB: RADIUS: Format E value 0xDBD for character U with bitmask 0xFFFFFFFF</span><br /><span style="font-weight: bold;">007263: Apr 13 15:07:39 WIB: RADIUS: Format E port 0xDBD with bit 32 processed</span><br />007264: Apr 13 15:07:39 WIB: RADIUS(00000D81): Config NAS IP: 10.0.4.101<br />007265: Apr 13 15:07:39 WIB: RADIUS/ENCODE(00000D81): acct_session_id: 3517<br />007266: Apr 13 15:07:39 WIB: RADIUS(00000D81): Config NAS IP: 10.0.4.101<br />007267: Apr 13 15:07:39 WIB: RADIUS(00000D81): sending<br /><br />(2). Sending Authentication Request to Radius :<br /><br />007268: Apr 13 15:07:39 WIB: RADIUS(00000D81): Send Access-Request to 10.0.100.29:1645 id 1645/158, len 116<br />007269: Apr 13 15:07:39 WIB: RADIUS: authenticator 89 50 7C 69 43 3C D1 EE - 65 30 C4 22 B1 6A 38 65<br />007270: Apr 13 15:07:39 WIB: RADIUS: Framed-IP-Address [8] 6 30.0.74.3 <br />007271: Apr 13 15:07:39 WIB: RADIUS: User-Name [1] 12 "pedi1024k"<br />007272: Apr 13 15:07:39 WIB: RADIUS: User-Password [2] 18 *<br />007273: Apr 13 15:07:39 WIB: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]<br /><span style="font-weight: bold;">007274: Apr 13 15:07:39 WIB: RADIUS: NAS-Port [5] 6 3517 </span><br />007275: Apr 13 15:07:39 WIB: RADIUS: NAS-Port-Id [87] 11 "0/0/3/806"<br />007276: Apr 13 15:07:39 WIB: RADIUS: Service-Type [6] 6 Login [1]<br />007277: Apr 13 15:07:39 WIB: RADIUS: NAS-IP-Address [4] 6 10.0.4.101 <br />007278: Apr 13 15:07:39 WIB: RADIUS: Acct-Session-Id [44] 10 "00000DBD"<br />007279: Apr 13 15:07:39 WIB: RADIUS: Nas-Identifier [32] 9 "ISG-L4R"<br />007280: Apr 13 15:07:39 WIB: RADIUS: Event-Timestamp [55] 6 1239610059 <br /><br />(3). Received Response from Radius :<br /><br />007281: Apr 13 15:07:39 WIB: RADIUS: Received from id 1645/158 10.0.100.29:1645, Access-Accept, len 95<br />007282: Apr 13 15:07:39 WIB: RADIUS: authenticator E3 22 CC 82 6E 49 F3 20 - 9C 20 5E CE 7D B9 EF 45<br />007283: Apr 13 15:07:39 WIB: RADIUS: Class [25] 51<br />007284: Apr 13 15:07:39 WIB: RADIUS: 53 42 52 2D 43 4C 20 44 4E 3D 22 63 61 62 6C 65 [SBR-CL DN="pedi]<br />007285: Apr 13 15:07:39 WIB: RADIUS: 31 30 32 34 6B 22 20 41 54 3D 22 32 30 30 22 20 [1024k" AT="200" ]<br />007286: Apr 13 15:07:39 WIB: RADIUS: 55 53 3D 22 22 20 53 49 3D 22 32 31 35 32 35 22 [US="" SI="21525"]<br />007287: Apr 13 15:07:39 WIB: RADIUS: 00<br />007288: Apr 13 15:07:39 WIB: RADIUS: Vendor, Unknown [26] 12<br />007289: Apr 13 15:07:39 WIB: RADIUS: Unsupported [2] 6<br />007290: Apr 13 15:07:39 WIB: RADIUS: 00 00 00 01<br />007291: Apr 13 15:07:39 WIB: RADIUS: Session-Timeout [27] 6 86400 <br />007292: Apr 13 15:07:39 WIB: RADIUS: Idle-Timeout [28] 6 300 <br />007293: Apr 13 15:07:39 WIB: RADIUS(00000D81): Received from id 1645/158<br />007294: Apr 13 15:07:39 WIB: RADIUS/ENCODE(00000D81):Orig. component type = IEDGE_IP_SIP<br />007295: Apr 13 15:07:39 WIB: RADIUS: AAA Unsupported Attr: timeout [371] 4 86400<br />007296: Apr 13 15:07:39 WIB: RADIUS: AAA Unsupported Attr: idletime [123] 4 300<br /><br />(4). Sending Ack response to portal :<br /><br />007297: Apr 13 15:07:39 WIB: RADIUS(00000D81): sending<br />007298: Apr 13 15:07:39 WIB: RADIUS(00000D81): Send CoA Ack Response to 20.0.92.156:32775 id 122, len 71<br />007299: Apr 13 15:07:39 WIB: RADIUS: authenticator D0 0B D7 83 04 4F 32 6A - 87 17 3C 62 0D 1E 25 64<br />007300: Apr 13 15:07:39 WIB: RADIUS: Vendor, Cisco [26] 19<br />007301: Apr 13 15:07:39 WIB: RADIUS: ssg-command-code [252] 13<br />007302: Apr 13 15:07:39 WIB: RADIUS: 01 63 61 62 6C 65 31 30 32 34 6B [Account-Log-On pedi1024k]<br />007303: Apr 13 15:07:39 WIB: RADIUS: Vendor, Cisco [26] 20<br />007304: Apr 13 15:07:39 WIB: RADIUS: ssg-account-info [250] 14 "S30.0.74.3"<br />007305: Apr 13 15:07:39 WIB: RADIUS: Session-Timeout [27] 6 86400 <br />007306: Apr 13 15:07:39 WIB: RADIUS: Idle-Timeout [28] 6 300 <br />007307: Apr 13 15:07:39 WIB: RADIUS/ENCODE(00000D81):Orig. component type = IEDGE_IP_SIP<br /><span style="font-weight: bold;">007308: Apr 13 15:07:39 WIB: RADIUS: Format E value 0xDBD for character U with bitmask 0xFFFFFFFF</span><br /><span style="font-weight: bold;">007309: Apr 13 15:07:39 WIB: RADIUS: Format E port 0xDBD with bit 32 processed</span><br />007310: Apr 13 15:07:39 WIB: RADIUS(00000D81): Config NAS IP: 10.0.4.101<br />007311: Apr 13 15:07:39 WIB: RADIUS(00000D81): Config NAS IP: 10.0.4.101<br />007312: Apr 13 15:07:39 WIB: RADIUS(00000D81): sending<br /><br />(5). Sending Accounting Request to Radius :<br /><br />007313: Apr 13 15:07:39 WIB: RADIUS(00000D81): Send Accounting-Request to 10.0.100.29:1646 id 1646/72, len 214<br />007314: Apr 13 15:07:39 WIB: RADIUS: authenticator 0B 51 C5 1E 61 E2 2F 15 - E2 8A 31 51 10 86 5E 63<br />007315: Apr 13 15:07:39 WIB: RADIUS: Acct-Session-Id [44] 10 "00000DBF"<br />007316: Apr 13 15:07:39 WIB: RADIUS: Framed-Protocol [7] 6 PPP [1]<br />007317: Apr 13 15:07:39 WIB: RADIUS: Vendor, Cisco [26] 13<br />007318: Apr 13 15:07:39 WIB: RADIUS: ssg-service-info [251] 7 "NINET"<br />007319: Apr 13 15:07:39 WIB: RADIUS: Vendor, Cisco [26] 34<br />007320: Apr 13 15:07:39 WIB: RADIUS: Cisco AVpair [1] 28 "parent-session-id=00000DBD"<br />007321: Apr 13 15:07:39 WIB: RADIUS: User-Name [1] 12 "pedi1024k"<br />007322: Apr 13 15:07:39 WIB: RADIUS: Acct-Status-Type [40] 6 Start [1]<br />007323: Apr 13 15:07:39 WIB: RADIUS: Framed-IP-Address [8] 6 30.0.74.3 <br />007324: Apr 13 15:07:39 WIB: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]<br /><span style="font-weight: bold;">007325: Apr 13 15:07:39 WIB: RADIUS: NAS-Port [5] 6 3517 </span><br />007326: Apr 13 15:07:39 WIB: RADIUS: NAS-Port-Id [87] 11 "0/0/3/806"<br />007327: Apr 13 15:07:39 WIB: RADIUS: Class [25] 51<br />007328: Apr 13 15:07:39 WIB: RADIUS: 53 42 52 2D 43 4C 20 44 4E 3D 22 63 61 62 6C 65 [SBR-CL DN="pedi]<br />007329: Apr 13 15:07:39 WIB: RADIUS: 31 30 32 34 6B 22 20 41 54 3D 22 32 30 30 22 20 [1024k" AT="200" ]<br />007330: Apr 13 15:07:39 WIB: RADIUS: 55 53 3D 22 22 20 53 49 3D 22 32 31 35 32 35 22 [US="" SI="21525"]<br />007331: Apr 13 15:07:39 WIB: RADIUS: 00<br />007332: Apr 13 15:07:39 WIB: RADIUS: Service-Type [6] 6 Framed [2]<br />007333: Apr 13 15:07:39 WIB: RADIUS: NAS-IP-Address [4] 6 10.0.4.101 <br />007334: Apr 13 15:07:39 WIB: RADIUS: Event-Timestamp [55] 6 1239610059 <br />007335: Apr 13 15:07:39 WIB: RADIUS: Nas-Identifier [32] 9 "ISG-L4R"<br />007336: Apr 13 15:07:39 WIB: RADIUS: Acct-Delay-Time [41] 6 0 <br /><br />(6). Received Accounting Response from Radius :<br /><br />007337: Apr 13 15:07:39 WIB: RADIUS: Received from id 1646/72 10.0.100.29:1646, Accounting-response, len 20<br /><br /><br /><br />In the above configuration is using format 'e' Nas-Port, format e is customized instead of format a to c, it is developed because not all off format are supported in the new cisco platform.</span><span style="font-size:100%;"><br /><br /><span style="font-family:trebuchet ms;">What i'm using in the configruration for the format nas-port is session id "U"</span><br /><br /><span style="font-family:trebuchet ms;">Radius-server attribute nas-port format</span><br /></span><table style="color: rgb(128, 128, 128);font-family:trebuchet ms;" id="wp1096012table1096010" width="80%" border="1" cellpadding="2" cellspacing="0"><tbody><tr valign="top" align="left"><td><p class="pB1_Body1"><span style="font-size:100%;"> Session ID </span></p> </td> <td><span style="font-size:100%;"><a name="wp1096086"></a></span><p class="pB1_Body1"><span style="font-size:100%;"> U </span></p></td></tr></tbody></table><span style="font-size:100%;"><br /><span style="font-family:trebuchet ms;">The value of session-id (hexadecimal) is converted to nas-port value (decimal)</span><br /><br /><span style="font-family:trebuchet ms;">Here is the result :</span><br /></span> <span style=";font-family:trebuchet ms;font-size:100%;" >007320: Apr 13 15:07:39 WIB: RADIUS: Cisco AVpair [1] 28 "parent-session-id=<span style="font-weight: bold;">00000DBD</span>"</span><span style="font-size:100%;"><br /><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" ><span style="font-weight: bold;">Ox 00000DBD</span></span><span style="font-size:100%;"><span style="font-family:trebuchet ms;"> = 3517</span><br /><br /></span><span style=";font-family:trebuchet ms;font-size:100%;" ><br />You can find the detail from this cisco site<br /><br />http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/rd_naspt.html<br /></span>0Passed Routing &amp; Swiching CCIEhttp://ccieobsessed.blogspot.com/2009/04/passed-ccie.htmlnoreply@blogger.com (Ahmad Fadly Abbas)Fri, 3 Apr 2009 14:50:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-6423969691848990716<span style="font-size:100%;"><span style="font-family:trebuchet ms;">Finnaly I passed my CCIE Routing &amp; Switching exam at Sydney 26 November 2008. Thanks to my wife, friends, My Boss who support me to take this exam. It was very long journey, spent much time to exercise. At the end i'm very happy to be a CCIE. Next I will take another track or another exam. :)</span></span>0Buy another quad ethernet porthttp://ccieobsessed.blogspot.com/2008/07/buy-another-quad-ethernet-port.htmlnoreply@blogger.com (Ahmad Fadly Abbas)Tue, 15 Jul 2008 19:29:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-8460031342164597835<span style=";font-family:trebuchet ms;font-size:100%;" >Today I bought another Quad ethernet port to complete all what I need for My Lab. Tommorow I will have finished my lab connections. Now I will prepare the .net file for IE scenario. :) , Can't wait to see this lab completely build.</span>0Wondering to build advance dynamips labhttp://ccieobsessed.blogspot.com/2008/07/wondering-to-build-advance-dynamips-lab.htmlnoreply@blogger.com (Ahmad Fadly Abbas)Mon, 14 Jul 2008 23:17:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-3843067281235383912<span style="font-family: trebuchet ms;font-size:100%;" >Finished with 8 labs scenario from dynamips IE workbooks and wondering how to build a real lab with dynamips and some switches. Can I make a real lab with dynamips and switch?? yes, I found someone in the forum has already tried with this perfect combination (<a class="maintitle" href="http://7200emu.hacki.at/viewtopic.php?t=2754&amp;start=0&amp;postdays=0&amp;postorder=asc&amp;highlight=&amp;sid=6bf8fe3601e9b761bdfedc800838e6ae">Passed CCIE Lab, thanks to Dynamips).</a> Using new server from my office, I borrow 4 switches from my friend in my office and try to install them in the rack with the server. After that I buy a quad port ethernet and install to the server.</span>0Preparing CCIE study material & what's on CCIEhttp://ccieobsessed.blogspot.com/2008/07/preparing-what-to-has-to-prepare.htmlnoreply@blogger.com (Ahmad Fadly Abbas)Mon, 14 Jul 2008 22:50:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-7052388991688117000<span style=";font-family:trebuchet ms;font-size:100%;" >First, see what's on ccie. A Blue print of ccie lab exam from cisco.com, know what is covered by ccie lab exam. Join groupstudy, to know experiences from people who are working with some preparations and having some difficulties with what they are facing to the problem while they're studying or taking the real lab exam, finding out how to solve the problem.<br /><br />Watch CoD from IE and try IEWB scenario step by step, it is very helpful to know and give me very deep understanding about the underlying and the advance technology in ccie lab. There are some good strategy and tips to help in the day of the exam.</span>0Start to make my own labhttp://ccieobsessed.blogspot.com/2008/07/starting-to-make-my-own-lab.htmlnoreply@blogger.com (Ahmad Fadly Abbas)Mon, 14 Jul 2008 22:22:00 +0700tag:blogger.com,1999:blog-1547438151139198241.post-2191350184134623470<span style="font-size:100%;"><span style="font-family:trebuchet ms;">Start from making dynamips run in my macbook last year, I could make my 1st dynamips lab in my laptop, it was quite easy to setup good but not powerful enough to build 13 routers with 2GHz processor and 2 G of memory. Tried to do some practice lab refer to workbook and CoD in my spare time, because i wasn't very serious taking ccie lab in the near time. A year after I though I had to go for pursuing the ccie, why ?? because lots of people and some of my friends pursuing it and study very hard. Now they have got their number (congratulations). My dream is to get ccie in the first attempt, hope so :D</span></span>0