Wednesday, April 10, 2013

Router VPN: virtual internal address setup and network traversal

Today's topic is how to make a single-NIC VPN server hand out a virtual internal address to connecting clients and then translate that address (NAT) so the clients can reach the outside world through the VPN server.
1. "Traversing the network" means that the VPN client can sit on an internal address inside a private network while the VPN server sits on a public, routable IP address; "chaining" means dialing one VPN server and then, through it, dialing a second VPN server.
2. To achieve this on a Windows 2000 system, use netsh.exe with the following commands:
(1) netsh ras ip set addrassign method=pool
Assign client addresses from an IP address pool.
(2) netsh ras ip add range from=192.168.3.1 to=192.168.3.254
The pool runs from 192.168.3.1 to 192.168.3.254; this is the virtual internal address pool.
(3) netsh routing ip nat install
Install the NAT routing protocol.
(4) netsh routing ip nat add interface name="Local Area Connection" mode=full
Make the physical adapter ("Local Area Connection" here; use the adapter's actual name on your system) the public interface, with full address and port translation. Note that the Remote Registry service must be running.
(5) netsh routing ip nat add interface name="Internal" mode=private
Make the virtual adapter the private (internal) interface. This adapter is the invisible one the operating system creates for remote-access clients; on English Windows it appears as "Internal".
3. A PPTP VPN can both traverse the network and be chained. An L2TP/IPsec VPN can do the same provided it uses NAT-T (NAT Traversal).

The importance of the Network Time Protocol for network security and how to deploy it


NTP accuracy is very important for network security. Setting it up correctly takes very little time and securing it costs nothing extra, yet the security improvement is large. Below I give a detailed introduction to configuring network time.
1. What is the Network Time Protocol
The Network Time Protocol (NTP) is a client/server protocol carried over the User Datagram Protocol (UDP) that is used to synchronize the clocks of network devices.
Time synchronization is essential for virtual private networks and for time-based access control lists; it is also a key factor in network debugging, security testing and event correlation.
NTP uses the concept of strata: a device's stratum is the number of hops between it and an authoritative time source. Stratum 0 is an atomic clock (or a set of them) that provides a highly accurate reference. Stratum 1 takes its time directly from a stratum 0 clock, one hop away; stratum 2, stratum 3 and so on follow by analogy.
2. The role of the Network Time Protocol
NTP is an important element of the network, so you must make sure it is correct and reliable. The simplest workable way to ensure this is to establish a primary clock source in the network that provides accurate, reliable time. The most common approach is to pick one device, usually a router, synchronize it with a public stratum 1 or stratum 2 time source, and use it as the local network's master clock.
Internal devices, servers and hosts then synchronize their time with that network clock. On the firewall, permit NTP over UDP port 123 so that the whole NTP arrangement can function.
Requiring NTP authentication on the routers and applying NTP access control lists further improves network security.
3. Securing NTP
NTP authentication may work differently from what you expect. When NTP authentication is used on Cisco routers, the key is held by the source host (the master clock), which answers using an MD5 hash. During NTP authentication it is the requesting client that is checked, not the router.
What is verified in this process is the integrity of the requesting client's source, not the validity of the client itself. This also means that the router does not need to authenticate in order to operate normally. However, if a client's authentication request does not match the router's configuration, NTP synchronization will fail.
Therefore, to ensure the reliability and security of the network, you should set the routers to synchronize NTP automatically; they should obtain their time from different time sources, and an equivalent authentication mechanism should be established between these routers.
When deploying NTP, access control lists are a very useful tool. You can create a peer access control list that authenticates and controls the network IP addresses allowed to peer, securing the router's NTP connections. You can also configure "serve" or "query" access control lists on the router to limit which network IP addresses or network clocks may query NTP.
The above introduced network time protocol configuration techniques mainly from a practical angle, together with basic information on the NTP protocol; it should be of considerable help in understanding the time protocol.
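An added Cisco IOS configuration example, not from the post, showing the pieces discussed above on a router acting as the local master clock: MD5 authentication, two authenticated upstream sources, and peer, serve-only and query-only access lists. All addresses, the key number, the loopback and the placeholder key string are assumptions for illustration.

```cisco
! --- NTP authentication: only time answers signed with key 1 are trusted ---
ntp authentication-key 1 md5 REPLACE-WITH-SHARED-SECRET
ntp authenticate
ntp trusted-key 1
!
! --- Upstream time: two different stratum-1/2 sources, both authenticated ---
! (192.0.2.10 and 198.51.100.20 are documentation addresses used as examples)
ntp server 192.0.2.10 key 1 prefer
ntp server 198.51.100.20 key 1
!
! --- Send NTP from a fixed loopback so the peers' own ACLs match one address ---
interface Loopback0
 ip address 192.168.255.1 255.255.255.255
ntp source Loopback0
!
! --- Act as the local master clock; stratum 8 only applies if upstream is lost ---
ntp master 8
!
! --- Access lists: who may peer, who is only served time, who may query status ---
access-list 10 remark NTP peers: the two upstream sources only
access-list 10 permit host 192.0.2.10
access-list 10 permit host 198.51.100.20
access-list 20 remark internal clients: get time, cannot become peers
access-list 20 permit 192.168.0.0 0.0.255.255
access-list 30 remark management station allowed NTP control queries
access-list 30 permit host 192.168.1.5
!
ntp access-group peer 10
ntp access-group serve-only 20
ntp access-group query-only 30
```

Once any ntp access-group is configured, hosts matching none of the lists are denied, so a client left out of access-list 20 receives no time at all; verify with show ntp associations and show ntp status.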

Tuesday, April 9, 2013

Intelligent services experience with the Cisco C2950 Ethernet switch

Cisco's Fast Ethernet switch, the CISCO WS-C2950-24, provides wire-speed LRE and Gigabit Ethernet connectivity for small and medium-sized networks and offers many intelligent services, such as enhanced security, high availability and quality of service (QoS). It provides desktop Fast Ethernet and Fast Ethernet connectivity for entry-level enterprise, mid-market and branch networks.
CISCO WS-C2950-24 switch
The CISCO 2950-24 is one of Cisco's oldest switch models: a standard 24-port unit with 8.8 Gbps of backplane bandwidth, 16 MB DRAM and 8 MB flash. It also provides complete QoS at the LAN edge.
CISCO WS-C2950-24 specifications
Product type: Fast Ethernet switch
Transmission rate: 10 Mbps / 100 Mbps
Memory: 16 MB DRAM, 8 MB flash
Switching method: store-and-forward
Backplane bandwidth: 8.8 Gbps
MAC address table: 8000 entries
Number of ports: 24
Interface medium: 10/100Base-T
Transmission mode: full duplex supported
Network standards: IEEE 802.3x, IEEE 802.1x, IEEE 802.1D, IEEE 802.1p CoS, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.3u, IEEE 802.3
Stacking: supported
VLAN: supported
Product size: 445 x 242 x 44 mm
Product weight: 3 kg
Other parameters: SNMP Management Information Base (MIB) II, SNMP MIB, bridge MIB (RFC 1493)
CISCO 2950-24 switches can act as the command switch or as a member switch in a Cisco cluster configuration. The command switch serves as the single IP-address management point and issues all instructions from the administrator. Up to 15 member switches, connected over any medium, can be managed by one command switch. In addition, the command switch's CMS lets the network administrator designate a standby or redundant command switch that takes over management tasks if the primary command switch fails.
Reliable quality and good performance with the Cisco C2950
The CISCO WS-C2950-24's classification supports two modes. The first is based on the IEEE 802.1p standard and uses the class of service (CoS) value to place packets in the appropriate queue. In the second mode, packets are reclassified according to a default CoS value the network administrator assigns to the access port. If an arriving frame carries no CoS value (for example an untagged frame), it is classified by the default CoS value the administrator assigned to that port.
The CISCO WS-C2950-24 has a black, stable and reliable appearance; its build is neat, its materials solid and its quality dependable. It measures 445 x 242 x 44 mm and weighs 3.0 kg.
The CISCO WS-C2950-24 offers 24 10/100 ports plus 2 10/100/1000BASE-T ports with the enhanced image. It supports IEEE 802.1x, IEEE 802.3x, IEEE 802.1D, IEEE 802.1p CoS, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.3u, IEEE 802.3 and other network standards, and offers SNMP Management Information Base (MIB) II, SNMP MIB, bridge MIB (RFC 1493) and other management functions.
The network administrator can configure up to 64 virtual LANs (VLANs) on each CISCO WS-C2950-24 to achieve a higher level of data security and improved LAN performance. This ensures that packets are delivered only to workstations in the specific VLAN, which is equivalent to building a virtual firewall between the ports on the network and thereby reduces broadcast traffic.
In addition, 802.1Q VLAN trunks can be created from any port using the standard VLAN trunking structure, and Per-VLAN Spanning Tree (PVST+) lets users build redundancy into the uplinks and distribute traffic across multiple links.
Assessment:
The CISCO WS-C2950-24 is reliably built and richly featured, bringing enterprise users a brand-new intelligent experience. Its performance is even more outstanding: in actual testing the device fully reached its theoretical throughput, with excellent data transmission performance that can fully meet the high-bandwidth needs of the modern enterprise. The CISCO WS-C2950-24 is a cost-effective product suited to entry-level enterprise, mid-market and branch networks.


Monday, April 8, 2013

Cisco will enter the storage market

Published: 2012-12-29 | Category: industry information | Views: 218
2012 was a busy year in server virtualization. VMware and Microsoft both released major products, and many people think the gap between the two big players has narrowed.
What does increasingly fierce competition mean for IT people in 2013? What server virtualization trends will 2013 bring? Our industry experts give their forecasts.
Expert Christian Mohn begins with a brief review of virtualization developments in 2012. VMware changed its licensing and features to fend off Microsoft Hyper-V 3: vRAM disappeared, and VMware bundled more products and features into its various license tiers.
For 2013, unless the world ended on December 21, 2012, as long as server virtualization keeps developing in the data center, Microsoft and VMware will keep fighting to compete. Real competition drives innovation and is profitable in the long term, but it also brings more complexity and more management layers as enterprises try to balance functionality, stability and price. One virtualization trend is the layered hypervisor model, in which users can move workloads between multiple local hypervisors and an external cloud service; fully realizing it in 2013 will be difficult, however.
This year's buzzword is the "software-defined data center". As virtualization moves beyond compute and storage into networking and security, we may see new capabilities and plenty of innovative companies emerge.
Interface Technical Training expert Jason Helmick said that last year's forecast of virtualization trends proved very accurate. The discussion about the cloud has changed (and will keep changing): from "what is the cloud" to "when do we use the cloud".
Microsoft's challenge to VMware has indeed made progress in some areas. Small and medium enterprises are flocking to Office 365. Large enterprises also see Hyper-V, never before a major service, slowly entering their private and hybrid virtualization products, much as Windows NT once steadily entered the network operating system market. As IT develops and people become familiar with Hyper-V 3, they expect more projects to combine System Center 2012 and Virtual Machine Manager. This year Microsoft Server Core 2012 finally serves as a virtualization operating system, providing more of the services businesses need.
This is not to say that 2013 will be bad for VMware; after all, VMware has the most support. VMware will keep growing in 2013, benefiting from the IT industry's shift to virtualization and cloud computing. Competition between these two giants means better solutions, from initial architecture planning to daily management. These will reduce complexity and cost, and PowerShell-based management will grow in 2013 for more users and IT staff (such as those focused on administering both products at once).
More and better products and growing IT knowledge will make 2013 an unusual year for virtualization.
Expert Maish Saidel-Keesing published his views on 2013 business trends:
1. 2013 is not the year of VDI.
2. Heterogeneous clouds (naturally with multiple hypervisors) become more common and will keep evolving, with growing platform and vendor support.
3. We will see more heavyweight vendors join the storage and networking fields.
4. Cisco will enter the storage market through the acquisition of a storage vendor.
5. Amazon and VMware will become direct competitors: public cloud market share and end users are VMware's cheese, and Amazon will touch it.
6. Standalone virtual appliances will become more and more popular, and VMware will once again lead the market.


Wednesday, April 3, 2013

Cisco 1900 Router

C1921 Modular Router, 2 GE, 2 EHWIC slots, 512DRAM, IP Base
The Cisco 1921 builds on the best-in-class offering of the Cisco 1841 Integrated Services Routers. All Cisco 1900 Series Integrated Services Routers offer embedded hardware encryption acceleration, optional firewall, intrusion prevention, and advanced security services. In addition, the platforms support the industry's widest range of wired and wireless connectivity options, such as Serial, T1/E1, xDSL, Gigabit Ethernet, and third-generation (3G) wireless.
Cisco 1900 Series Integrated Services Routers include:
2 integrated 10/100/1000 Ethernet ports
2 enhanced High-Speed WAN Interface Card (EHWIC) slots that can host 2 single wide or 1 double wide EHWIC module
The Cisco 1900 Series enables deployment in high-speed WAN environments with concurrent services enabled up to 15 Mbps.
The Cisco 1900 Series offers intelligent power management and allows you to control power to the modules based on the time of day. Cisco EnergyWise technology will be supported in the future.
Services integration and modularity on a single platform performing multiple functions optimizes raw-materials consumption and energy usage.
Platform flexibility and ongoing development of both hardware and software capabilities lead to a longer product lifecycle, lowering all aspects of the TCO, including materials and energy use.
High-efficiency power supplies are provided with each platform.

Huawei S3700 Switch

The Quidway® S3700 series enterprise switch (hereinafter S3700) is a new generation of energy-saving Layer 3 Ethernet switches launched by Huawei. Built on a new generation of high-performance hardware and Huawei's VRP® (Versatile Routing Platform) software, it targets enterprise campus, access and other scenarios, providing simple and convenient installation and maintenance, flexible VLAN deployment, PoE power supply, rich routing functions and a smooth upgrade path to IPv6; by integrating stacking, virtual router redundancy, network protection and fast-ring technologies it effectively improves network robustness and helps enterprises build a future-proof IT network. S3700 series switches are box-type devices with a 1U chassis height, available in two sizes, S3700-28TP and S3700-52P, and in two editions, standard (SI) and enhanced (EI): the standard edition supports basic Layer 2 and Layer 3 functions, while the enhanced edition supports complex routing protocols and rich service features. The models are: S3700-28TP-SI-AC/DC, S3700-28TP-EI-AC/DC, S3700-28TP-EI-MC-AC, S3700-28TP-PWR-EI, S3700-28TP-EI-24S-AC, S3700-52P-SI-AC, S3700-52P-EI-AC/DC, S3700-52P-PWR-EI, S3700-52P-EI-24S-AC/DC, S3700-52P-EI-48S-AC/DC.

Product features
Flexible service control: the S3700 supports Multi-VPN-Instance CE (MCE), isolating different VPN users on the same device, which effectively solves the security problem of user data while reducing the user's investment cost. The S3700 supports 1K multicast groups and the IGMP Snooping/Filter/Fast Leave/Proxy protocols. It supports wire-speed cross-VLAN multicast replication, multicast load sharing across bundled ports and controllable multicast, fully meeting the requirements of IPTV and other multicast services.
Rich QoS policies and security mechanisms: the S3700 implements complex traffic classification based on the 5-tuple, IP precedence, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN, Ethernet frame protocol type and CoS. It supports two-rate three-color policing on each port, 8 priority queues, and the WRR, DRR, SP, WRR+SP and DRR+SP queue scheduling algorithms, effectively guaranteeing service quality for voice, video and data on the network.
The S3700 series provides multiple security protection functions: defense against DoS (Denial of Service) attacks, attacks on the network and attacks on users. DoS attacks mainly include SYN Flood, Land, Smurf and ICMP Flood. Attacks on the network mainly refer to STP BPDU/root attacks. Attacks on DHCP users include phishing, man-in-the-middle attacks, IP/MAC spoofing, DHCP request floods and DoS attacks that change the CHADDR value. By building and maintaining a DHCP Snooping binding table that records each access user's MAC/IP address, lease period, VLAN ID, interface and other information, the switch solves the problem of tracking DHCP users' IP addresses and ports.
At the same time, illegal packets that do not match the binding table entries (ARP spoofing packets, unilaterally modified IP addresses) are discarded directly, effectively preventing hackers or attackers from carrying out the "man in the middle" attack common on campus networks with ARP messages. Using the DHCP Snooping trusted-port feature can also guarantee the DH