Monday, June 20, 2011

How to block a web site on the SecPath F1000-E firewall?


Log into the firewall, then from the menu go to Identification -> Web Filtering, enable URL address filtering, and add the web site address or a keyword to match. Filtering is by URL string, so a site reachable under another host name or by IP address is not covered unless you add those too.




Wednesday, June 15, 2011

Upgrade Firmware on a Chassis 7500E


Configure an FTP server

In this example we use FTP to transfer the image; TFTP can be used as well. Both carry the login credentials and the file in cleartext, so run the transfer only over a trusted management network.
# Enable the FTP server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Create the local user aaa with password hello (use a strong password on a real device and remove the account after the upgrade).
[FTP-Server] local-user aaa
[FTP-Server-luser-aaa] password cipher hello
# Allow the user to log in over FTP and grant it privilege level 3.
[FTP-Server-luser-aaa] service-type ftp
[FTP-Server-luser-aaa] authorization-attribute level 3
On the device, download the firmware using FTP
# Before upgrading, save the current configuration (save command).
# Log in to the FTP server (the banner and prompts vary between servers).
<Device> ftp 2.2.2.2
Trying 2.2.2.2 ...
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)):aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download the soft-version2.app image from the FTP server to the flash of Device (binary mode, or the image is corrupted).
[ftp] binary
200 Type set to I.
[ftp] get soft-version2.app
[ftp] bye
<Device> 
Set the new software as the boot file

# Specify the application program for the next boot on the active SRPU.
<Device> boot-loader file soft-version2.app slot 0 main
# Copy the application file on the standby SRPU.
<Device> copy soft-version2.app slot1#flash:/soft-version2.app
# Specify the application program for the next boot on the standby SRPU.
<Device> boot-loader file slot1#flash:/soft-version2.app slot 1 main
# Reboot the device to load the new image. After it comes back, confirm the running version with display version.
<Device> reboot
 
 

Tuesday, June 14, 2011

UDP Helper

Sometimes a host needs to broadcast a request to obtain network configuration information or to
look up the names of other devices on the network. If the server that should answer is located in
another broadcast domain, the broadcast never reaches it and the host gets no answer.
To solve this problem, the device provides the UDP Helper function, which relays specified UDP
packets. UDP Helper acts as a relay agent that converts UDP broadcast packets into unicast packets
and forwards them to a configured destination server.
With UDP Helper enabled, the device decides whether to relay a received UDP broadcast packet by
its UDP destination port number. If the port matches one configured on the device, the device
rewrites the destination IP address in the IP header to the configured server address and forwards the
packet; otherwise it hands the packet to the upper layer protocol for processing. Because each relayed
port turns link-local broadcasts into routed traffic, configure only the ports the servers actually need.



Configuration sample

# Enable UDP Helper.
<SwitchA> system-view
[SwitchA] udp-helper enable
# Enable forwarding of broadcast packets whose UDP destination port is 55.
[SwitchA] udp-helper port 55
# Specify the destination server 10.2.1.1 on VLAN-interface 1.
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 10.110.1.1 16
[SwitchA-Vlan-interface1] udp-helper server 10.2.1.1
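The relay decision described above, as an added example that is not code from the page or from H3C: a Python model that parses a constructed IPv4/UDP packet, applies the broadcast and port checks, rewrites the destination to the configured server, and recomputes both the IP header checksum and the UDP checksum (which covers the destination address through its pseudo-header, so a relay that rewrote only the IP header would produce a packet the server discards). The port (55), server (10.2.1.1) and interface address (10.110.1.1/16) come from the sample; the packets themselves are constructed here.

```python
import ipaddress
import struct

# Added example (not from the page or from H3C): a software model of the UDP
# Helper decision described above. The values mirror the page's sample: relay
# UDP destination port 55 to server 10.2.1.1 for broadcasts arriving on an
# interface addressed 10.110.1.1/16. Everything else here is constructed.
HELPER_PORTS = {55}
HELPER_SERVER = ipaddress.ip_address("10.2.1.1")
INTERFACE_NET = ipaddress.ip_network("10.110.1.1/16", strict=False)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """UDP checksum over a pseudo-header (both IP addresses, protocol, length)
    plus the segment; it changes whenever the destination address is rewritten."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_UDP, len(segment))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ones_complement_sum(pseudo + zeroed)
    return csum if csum else 0xFFFF   # UDP transmits an all-zero result as 0xFFFF


def build_udp_packet(src, dst, sport, dport, payload: bytes) -> bytes:
    """Constructed test input: IPv4 header without options + UDP header + payload."""
    src_ip, dst_ip = ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed
    udp_len = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    segment = segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + segment[8:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, PROTO_UDP, 0, src_ip, dst_ip)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ones_complement_sum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + segment


def checksums_ok(packet: bytes) -> bool:
    """Verify IP and UDP checksums; both sums come out to zero when correct."""
    ihl = (packet[0] & 0x0F) * 4
    segment = packet[ihl:]
    pseudo = packet[12:16] + packet[16:20] + struct.pack("!BBH", 0, PROTO_UDP, len(segment))
    return ones_complement_sum(packet[:ihl]) == 0 and ones_complement_sum(pseudo + segment) == 0


def udp_helper(packet: bytes):
    """Apply the UDP Helper rule to one received IPv4 packet.

    Returns ("relay", rewritten_packet) when the packet is a broadcast whose UDP
    destination port is configured, or ("local", packet) when it is handed to
    the upper-layer protocol unchanged."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != PROTO_UDP:
        return "local", packet
    dst_ip = ipaddress.ip_address(packet[16:20])
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    is_broadcast = dst_ip in (LIMITED_BROADCAST, INTERFACE_NET.broadcast_address)
    if not is_broadcast or dport not in HELPER_PORTS:
        return "local", packet
    # Rewrite the destination address and recompute the IP header checksum.
    ip_hdr = bytearray(packet[:ihl])
    ip_hdr[16:20] = HELPER_SERVER.packed
    ip_hdr[10:12] = b"\x00\x00"
    ip_hdr[10:12] = struct.pack("!H", ones_complement_sum(bytes(ip_hdr)))
    # The UDP checksum covers the destination address too; fix it unless the
    # sender disabled checksums (field == 0, which UDP over IPv4 allows).
    segment = bytearray(packet[ihl:])
    if segment[6:8] != b"\x00\x00":
        segment[6:8] = struct.pack("!H", udp_checksum(packet[12:16], HELPER_SERVER.packed, bytes(segment)))
    return "relay", bytes(ip_hdr) + bytes(segment)
```

The model relays both the limited broadcast 255.255.255.255 and the interface's subnet-directed broadcast, and leaves unicast packets and unconfigured ports alone, which is the "hand to the upper layer" branch of the text.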


Proxy ARP

A device with proxy ARP enabled allows hosts that reside on different subnets to communicate.
As shown in the figure, Switch connects to two subnets through Vlan-interface1 and Vlan-interface2.
The IP addresses of the two interfaces are 192.168.10.99/24 and 192.168.20.99/24. Host A and Host
B are both configured with the prefix 192.168.0.0 (a mask shorter than the /24 of the two interfaces), so
each considers the other to be on its own network. They connect to Vlan-interface1 and Vlan-interface2,
respectively.







Figure: Application environment of proxy ARP
Because Host A considers Host B to be on the same network, it directly sends an ARP request for the
MAC address of Host B. Host B, however, cannot receive this request because it is located in a different
broadcast domain.



You can solve the problem by enabling proxy ARP on Switch. Switch then replies to the ARP request
from Host A with the MAC address of Vlan-interface1 and forwards the packets Host A sends to Host B.
In this case Switch acts as a proxy for Host B.
A main advantage of proxy ARP is that it is added on a single switch without disturbing the routing tables
of other switches in the network. Proxy ARP acts as the gateway for IP hosts that are not configured
with a default gateway or do not have routing capability. Note that a proxy ARP interface answers ARP
requests for addresses the switch does not own, so enable it only on interfaces where that is intended.


Configuration Sample


# Specify the IP address of interface VLAN-interface 1.

[Switch] interface vlan-interface 1
[Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0

# Enable proxy ARP on interface VLAN-interface 1.

[Switch-Vlan-interface1] proxy-arp enable
[Switch-Vlan-interface1] quit

# Specify the IP address of interface VLAN-interface 2.

[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0

# Enable proxy ARP on interface VLAN-interface 2.

[Switch-Vlan-interface2] proxy-arp enable

After completing preceding configurations, use the ping command to verify the connectivity between
Host A and Host B.







Static ARP entry configuration

Configure a static ARP entry with IP address 192.168.1.1 and MAC address 00e0-fc01-0000. The
outgoing interface corresponding to the static ARP entry is GigabitEthernet 2/0/1 belonging to VLAN
10.

[Switch] arp static 192.168.1.1 00e0-fc01-0000 10 GigabitEthernet 2/0/1

[Switch] display arp static
  Type: S-Static   D-Dynamic   A-Authorized
IP Address       MAC Address      VLAN ID  Interface   Aging  Type
192.168.1.1      00e0-fc01-0000   10       GE2/0/1     N/A    S

Note: static entries do not age out of the ARP table (Aging shows N/A) and are not overwritten by dynamically learned ARP information.
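Both behaviours above, the proxy ARP reply decision and the non-aging static entry, as one added example that is not code from the page or from H3C: a Python model of the switch with the two VLAN interfaces and the static entry from the samples. The interface MACs, the host addresses, the aging timer and the rule that the switch proxies only for targets on another directly connected interface are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the page or from H3C): a software model of the two
# ARP behaviours described above, the proxy ARP reply decision and a table in
# which static entries neither age out nor get overwritten. Interface MACs,
# host addresses and the aging timer are assumptions made for this example.


@dataclass
class Interface:
    name: str
    network: ipaddress.IPv4Network   # the interface's connected subnet
    ip: ipaddress.IPv4Address
    mac: str
    proxy_arp: bool = False          # 'proxy-arp enable' on this interface


@dataclass
class ArpEntry:
    mac: str
    vlan: int
    iface: str
    static: bool
    learned_at: float                # seconds; ignored for static entries


class Switch:
    AGING_SECONDS = 1200             # assumed dynamic-entry aging timer

    def __init__(self, interfaces):
        self.interfaces = {i.name: i for i in interfaces}
        self.arp = {}                # IPv4Address -> ArpEntry

    def arp_static(self, ip, mac, vlan, iface):
        """Equivalent of 'arp static <ip> <mac> <vlan> <interface>'."""
        self.arp[ipaddress.ip_address(ip)] = ArpEntry(mac, vlan, iface, True, 0.0)

    def learn(self, ip, mac, vlan, iface, now):
        """Learn a dynamic entry from a received ARP packet.

        A static entry is never replaced, so an ARP reply that claims the
        statically mapped IP with another MAC is ignored."""
        ip = ipaddress.ip_address(ip)
        current = self.arp.get(ip)
        if current is not None and current.static:
            return False
        self.arp[ip] = ArpEntry(mac, vlan, iface, False, now)
        return True

    def age(self, now):
        """Remove dynamic entries older than the timer; returns how many went."""
        expired = [ip for ip, e in self.arp.items()
                   if not e.static and now - e.learned_at > self.AGING_SECONDS]
        for ip in expired:
            del self.arp[ip]
        return len(expired)

    def display_arp_static(self):
        """Rows a 'display arp static' would show: (ip, mac, vlan, interface)."""
        return sorted((str(ip), e.mac, e.vlan, e.iface)
                      for ip, e in self.arp.items() if e.static)

    def handle_arp_request(self, ingress, sender_ip, sender_mac, target_ip, vlan, now=0.0):
        """Return the MAC to answer with, or None when the request is ignored.

        Simplification: the switch proxies only for targets on one of its other
        directly connected interfaces, not for any routed destination."""
        iface = self.interfaces[ingress]
        target = ipaddress.ip_address(target_ip)
        self.learn(sender_ip, sender_mac, vlan, ingress, now)
        if target == iface.ip:
            return iface.mac             # the request is for the switch itself
        if target in iface.network:
            return None                  # target shares the sender's link; it answers itself
        if not iface.proxy_arp:
            return None                  # no proxy ARP on this interface: stay silent
        for other in self.interfaces.values():
            if other is not iface and target in other.network:
                return iface.mac         # proxy reply with the ingress interface MAC
        return None


def build_switch():
    """The page's topology: two VLAN interfaces with proxy ARP plus the static entry."""
    sw = Switch([
        Interface("Vlan-interface1", ipaddress.ip_network("192.168.10.0/24"),
                  ipaddress.ip_address("192.168.10.99"), "00e0-fc00-0001", proxy_arp=True),
        Interface("Vlan-interface2", ipaddress.ip_network("192.168.20.0/24"),
                  ipaddress.ip_address("192.168.20.99"), "00e0-fc00-0002", proxy_arp=True),
    ])
    sw.arp_static("192.168.1.1", "00e0-fc01-0000", 10, "GigabitEthernet 2/0/1")
    return sw
```

The proxy reply carries the MAC of the interface the request arrived on, which is why the text says Switch answers "with the MAC address of Vlan-interface1"; the static entry is kept through aging and is not replaced when a later ARP packet claims the same IP with a different MAC, which is the practical reason to pin critical hosts statically.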


Optimization of FortiGate IPS

IPS signatures need to be selected according to the infrastructure environment. E.g., if we do not have Linux servers, those IPS signatures can be disabled (d...