11/26/2009

Troubleshooting: (Windows Server 2008) DHCP server Access Denied

Let's say you added the DHCP Server role to your Windows Server 2008.
Now you try to authorize it in Active Directory so it can start answering DHCP client requests, but you get an Access Denied message.

This happens when the account you are logged on with does not have permission to authorize DHCP servers. Authorization is a write to Active Directory (the NetServices container in the forest's configuration partition), so you NEED to use an account that is in a group allowed to do that, or have that right delegated to it.

The group Microsoft documents for this is Enterprise Admins (Domain Admins in a child domain will not do).

After you ADD the user to that group you NEED to log off and log on again: group memberships are put into the access token at logon, so the session you are already in keeps the old token until you do.

11/23/2009

Troubleshooting: FortiClient

When you get these errors in the FortiClient VPN log (x.x.x.x is the VPN gateway, y.y.y.y your local address):
loc_ip=y.y.y.y loc_port=500 rem_ip=x.x.x.x rem_port=500 out_if=0 vpn_tunnel=test1
status=negotiate_error msg="No response from the peer, retransmit (st=1)"


program=ipsec msg=Failed to add vpn gateway x.x.x.x to trusted zone

The problem is most likely that IKE (the IPsec key exchange on UDP port 500, plus UDP 4500 when NAT traversal is in play) and ESP are not being allowed through a firewall between the client and the gateway. "No response from the peer" means the phase 1 proposals are leaving on port 500 and nothing is coming back; the "trusted zone" message is just the follow-on failure. Check the policies on the FortiGate you are connecting to and on the firewall of the network you are sitting in.

I had that problem today when I was at a client's site and was trying to VPN into another client to fix something there. I was getting that error... and I didn't know that my co-worker who configured that FortiGate had blocked the IPsec service; I realized it after 15 minutes of thinking about what it was.
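As an added example (not part of the original post), here is a small Python parser for FortiClient's key=value log lines that flags the two messages above and states the likely cause. The log lines it runs on are constructed: the placeholder addresses are replaced with RFC 5737 documentation addresses and a healthy line is added for contrast, but the field names are the ones shown above.

```python
import shlex
from typing import Dict, List, Optional

# Constructed sample log: the first two lines are the ones quoted above with
# documentation addresses (RFC 5737) in place of x.x.x.x / y.y.y.y, the third
# is a made-up healthy line for contrast.
SAMPLE_LOG = """\
loc_ip=192.0.2.23 loc_port=500 rem_ip=203.0.113.5 rem_port=500 out_if=0 vpn_tunnel=test1 status=negotiate_error msg="No response from the peer, retransmit (st=1)"
program=ipsec msg="Failed to add vpn gateway 203.0.113.5 to trusted zone"
loc_ip=192.0.2.23 loc_port=500 rem_ip=203.0.113.5 rem_port=500 out_if=0 vpn_tunnel=test1 status=negotiate_ok msg="phase 1 established"
"""


def parse_kv_line(line: str) -> Dict[str, str]:
    """Split a key=value line; shlex keeps quoted values with spaces intact."""
    fields: Dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def diagnose(fields: Dict[str, str]) -> Optional[str]:
    """Map one parsed line to a likely cause, or None if there is nothing to flag."""
    msg = fields.get("msg", "")
    if fields.get("status") == "negotiate_error" and "No response from the peer" in msg:
        return (
            f"IKE to {fields.get('rem_ip')} UDP/{fields.get('rem_port')} got no reply: "
            "check that UDP 500 (and UDP 4500 for NAT-T) and ESP are permitted "
            "between the client and the gateway"
        )
    if msg.startswith("Failed to add vpn gateway"):
        return "gateway not added to trusted zone: follow-on failure of the IKE negotiation"
    return None


def scan(log: str) -> List[str]:
    """Run diagnose() over every non-empty line and collect the findings."""
    findings: List[str] = []
    for line in log.splitlines():
        if line.strip():
            verdict = diagnose(parse_kv_line(line))
            if verdict:
                findings.append(verdict)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The quoted msg value is the reason for shlex rather than a plain split on spaces: "No response from the peer, retransmit (st=1)" has to survive as one field or the match never fires.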

Configuration: Rate limiting traffic on an Alcatel 6200

I was asked to do this last week at my job; I'll give a sample configuration of how you do it from the CLI.

You can rate limit the bandwidth upstream and downstream; this is how you do it on an Alcatel 6200. The policer applied with an input service-policy limits what the attached device sends into the switch port (its upload), and traffic-shape limits what the port sends back out to the device (its download).


qos advanced
mac access-list test1
permit any any
exit
class-map test2
match access-group test1
exit
policy-map test3
class test2
police "committed rate in kbps" "committed burst in bytes" exceed-action drop
exit
exit
interface ethernet "interface number"
service-policy input test3
traffic-shape "committed rate in kbps" "committed burst in bytes"
exit

Works pretty well...

11/22/2009

Tech Note: RIP Auto-Summary

Another good tech note if you are studying for the CCNA exam.

RIPv1 only auto-summarizes when an update crosses a classful (major) network boundary: if the route and the outgoing interface are in the same major network, no summarization happens and the subnet is advertised as is.

The other thing is that, because RIPv1 carries no subnet mask in its updates, a subnet in the same major network is only advertised if it uses the same mask as the outgoing interface; otherwise it is suppressed. (RIPv2 carries the mask, so the mask restriction does not apply to it, though it still auto-summarizes at the boundary unless you turn that off.)

So, Ex. 1

10.1.10.0/24|-----R1<---192.168.1.0/30---->R2<----192.168.1.4/30---->R3----|10.2.20.0/24

Here R1 will send an update to R2 with network 10.0.0.0
(the classful summary, because the update crosses into a different major network, 192.168.1.0).

Ex.2

10.1.10.0/24|-----R1<---10.16.3.0/30---->R2<----10.16.3.4/30---->R3----|10.2.20.0/24

Here R1 won't advertise 10.1.10.0 to R2 at all! It is the same major network, 10.0.0.0, so no summary is sent, but the subnet update is suppressed because the outgoing interface has a DIFFERENT subnet mask (/30 instead of /24).


Ex.3

10.1.10.0/24|-----R1<---10.16.3.0/24---->R2<----10.16.4.0/24---->R3----|10.2.20.0/24

NOW the network works fine: R1 will receive an update with 10.2.20.0 and 10.16.4.0 (10.16.3.0 is R1's own connected link, and split horizon keeps R2 from advertising it back over that link), and because they arrive on an interface in the same major network, R1 applies that interface's /24 mask to them.
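To make the three cases mechanical, here is an added Python example (not from the original post) that implements the RIPv1 sending rule and the receiving router's mask choice with the standard library's ipaddress module, and runs over the three topologies above. It assumes strictly classful RIPv1 behaviour, as the examples do; the functions and their names are mine.

```python
import ipaddress
from typing import Optional


def classful_prefixlen(addr: ipaddress.IPv4Address) -> int:
    """Class A/B/C mask length, which is all a classful protocol knows."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def major_network(net: ipaddress.IPv4Network) -> ipaddress.IPv4Network:
    """The classful network a prefix belongs to (10.1.10.0/24 -> 10.0.0.0/8)."""
    return ipaddress.IPv4Network(
        (net.network_address, classful_prefixlen(net.network_address)), strict=False)


def ripv1_advertise(route: str, out_iface: str) -> Optional[str]:
    """What RIPv1 puts in an update for `route` sent out an interface addressed
    in `out_iface`. RIPv1 carries no mask, so only the network address is
    returned; None means the route is suppressed."""
    r = ipaddress.ip_network(route, strict=False)
    i = ipaddress.ip_network(out_iface, strict=False)
    if major_network(r) != major_network(i):
        return str(major_network(r).network_address)   # Ex. 1: classful summary
    if r.prefixlen == i.prefixlen:
        return str(r.network_address)                  # Ex. 3: subnet as is
    return None                                        # Ex. 2: mask differs


def ripv1_receive(advertised: str, in_iface: str) -> str:
    """Mask the receiver assumes for a received network address: the receiving
    interface's mask if the address is in the same major network, the
    classful mask otherwise."""
    a = ipaddress.ip_address(advertised)
    i = ipaddress.ip_network(in_iface, strict=False)
    if major_network(ipaddress.IPv4Network((a, 32))) == major_network(i):
        return str(ipaddress.IPv4Network((a, i.prefixlen), strict=False))
    return str(ipaddress.IPv4Network((a, classful_prefixlen(a)), strict=False))


if __name__ == "__main__":
    for link in ("192.168.1.0/30", "10.16.3.0/30", "10.16.3.0/24"):
        print(f"R1 -> R2 over {link}: {ripv1_advertise('10.1.10.0/24', link)}")
    print("R1 hears 10.2.20.0 on 10.16.3.0/24 as", ripv1_receive("10.2.20.0", "10.16.3.0/24"))
```

Running it prints 10.0.0.0 for Ex. 1, None for Ex. 2 and 10.1.10.0 for Ex. 3, and shows R1 reading 10.2.20.0 back as 10.2.20.0/24 because it arrived on a /24 interface in the same major network.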

11/21/2009

Tech Notes: Feasible distance and Advertised distance

More good stuff if you are studying for the CCNA.


FD = feasible distance

AD = advertised distance (also called the reported distance)

AD = the neighbor router's own distance to the destination, as it advertises it to you

FD = AD + the cost of the link between your router and that neighbor

It is as simple as that.
Simple example

R1---------R2--------R3---------R4

Cost from R1 to R2 is 4

Cost from R2 to R4 is, say, 8, so AD is 8 because it is the cost from R1's neighbor to the destination.

FD = 4+8=12

In this example I just gave you a single route from R1 to R4, but normally there will be several routes with different FDs; the router picks the one with the lowest FD (the successor) and puts it in the routing table. The other paths are kept as backups (feasible successors) only if their AD is lower than the successor's FD, which is how EIGRP guarantees the backup is loop-free.
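As an added example (not from the original post), here is a Python version of that selection: compute FD = link cost + AD for each neighbor, install the lowest as successor, and keep as feasible successors only the paths whose AD is below the successor's FD. R2 uses the post's numbers; R5 and R6 are hypothetical extra neighbors I added so that one backup passes the feasibility check and one fails it.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    """One way to reach a destination, as seen from the local router."""
    neighbor: str
    link_cost: int   # cost of the link from this router to the neighbor
    ad: int          # advertised distance: the neighbor's own cost to the destination

    @property
    def fd(self) -> int:
        """Feasible distance = AD + cost to the neighbor, exactly as in the post."""
        return self.link_cost + self.ad


def choose_routes(paths: List[Path]) -> Tuple[Optional[Path], List[Path]]:
    """Return (successor, feasible_successors) for one destination.

    successor: the path with the lowest FD, installed in the routing table.
    feasible successors: the other paths whose AD is strictly less than the
    successor's FD (EIGRP's feasibility condition), kept as loop-free backups.
    """
    if not paths:
        return None, []
    successor = min(paths, key=lambda p: p.fd)
    backups = [p for p in paths if p is not successor and p.ad < successor.fd]
    return successor, sorted(backups, key=lambda p: p.fd)


# Constructed topology, destination R4 as seen from R1. R2 is the post's
# example; R5 and R6 are hypothetical extra neighbors added for contrast.
R1_PATHS_TO_R4 = [
    Path("R2", link_cost=4, ad=8),    # FD 12: the post's numbers
    Path("R5", link_cost=3, ad=13),   # FD 16, AD 13 >= 12: not a feasible successor
    Path("R6", link_cost=10, ad=5),   # FD 15, AD 5 < 12: feasible successor
]

if __name__ == "__main__":
    succ, backups = choose_routes(R1_PATHS_TO_R4)
    print(f"successor {succ.neighbor} FD={succ.fd}")
    print("feasible successors:", [(p.neighbor, p.fd) for p in backups])
```

Note that R5 has a better FD than R6 yet is not kept: its AD of 13 is not below the successor's FD of 12, so EIGRP cannot prove that path does not loop back through R1.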

How To: Route Summarization


RIPv1 and IGRP
These protocols auto-summarize to the classful network, which means that
if you advertise a subnet such as 10.1.1.0/24 it is summarized to 10.0.0.0.

You can't turn this auto-summary off in RIPv1 and IGRP.

You can turn it off in RIPv2 and EIGRP (the no auto-summary router subcommand), and both also let you configure manual summaries.

OSPF and IS-IS do not auto-summarize at all; summaries are configured manually (at area borders in OSPF).

Note:
Classful routing protocols (RIPv1 and IGRP) automatically summarize routes on the classful network boundary and do not support summarization on any other bit boundaries. Classless routing protocols support summarization on any bit boundary.


Route Summarization Calculation example

Suppose you have these networks attached to your router, as different LANs:

172.16.12.0/24

172.16.13.0/24

172.16.14.0/24

172.16.15.0/24

1) first step:
You will convert everything to binary

10101100.00010000.00001100.00000000 --> 172.16.12.0
10101100.00010000.00001101.00000000 --> 172.16.13.0
10101100.00010000.00001110.00000000 --> 172.16.14.0
10101100.00010000.00001111.00000000 --> 172.16.15.0


2) Second Step

You need to find up to which bit all the addresses are identical.
What do I mean by this?

10101100.00010000.00001100.00000000 --> 172.16.12.0
10101100.00010000.00001101.00000000 --> 172.16.13.0
10101100.00010000.00001110.00000000 --> 172.16.14.0
10101100.00010000.00001111.00000000 --> 172.16.15.0

As you can see, all the bits are equal up to the 6th bit of the 3rd octet: the first two octets match entirely and the 3rd octets are 000011 00, 000011 01, 000011 10 and 000011 11, so 8 + 8 + 6 = 22 bits are common.

Now you find this we will go to step 3

3)Third step

Count those common bits: the summary address is the first address in the block (the common bits followed by zeros) and the prefix length is the number of common bits.

so the answer is
172.16.12.0/22


Well, I think this is all you need to know about summarizing.
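As an added example (not from the original post), here is the three-step calculation done in Python with the ipaddress module, plus the check a practitioner wants before advertising the result: whether the single summary covers only the networks you own. The post's block is a clean group of four, so the /22 is exact; I also add a hypothetical five-network block (172.16.12.0 to 172.16.16.0) to show that the same procedure then yields 172.16.0.0/19, which advertises a lot of space you do not have.

```python
import ipaddress
from typing import Iterable, List

IPv4Net = ipaddress.IPv4Network


def summarize(cidrs: Iterable[str]) -> IPv4Net:
    """Steps 1-3 of the post on the integer form of the addresses: count the
    leading bits shared by the lowest and highest address of the block and
    build the summary from those bits followed by zeros."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    common = 32
    while common > 0 and (first >> (32 - common)) != (last >> (32 - common)):
        common -= 1
    mask = (0xFFFFFFFF << (32 - common)) & 0xFFFFFFFF
    return IPv4Net((first & mask, common))


def exact_cover(cidrs: Iterable[str]) -> List[IPv4Net]:
    """Smallest set of prefixes covering exactly the input (no extra space)."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c, strict=False) for c in cidrs))


def overreach(cidrs: Iterable[str]) -> List[IPv4Net]:
    """Address space the single summary advertises that is NOT in the input.
    Empty when the block is a clean power-of-two group like the post's."""
    cidrs = list(cidrs)
    pieces = [summarize(cidrs)]
    for owned in exact_cover(cidrs):
        remaining: List[IPv4Net] = []
        for piece in pieces:
            if piece.subnet_of(owned):
                continue                      # fully owned, nothing extra here
            if owned.subnet_of(piece):
                remaining.extend(piece.address_exclude(owned))
            else:
                remaining.append(piece)       # disjoint, stays as overreach
        pieces = remaining
    return sorted(pieces)


# The post's block, and a constructed five-network block that is not a
# power of two (hypothetical, for contrast).
POST_BLOCK = ["172.16.12.0/24", "172.16.13.0/24", "172.16.14.0/24", "172.16.15.0/24"]
ODD_BLOCK = POST_BLOCK + ["172.16.16.0/24"]

if __name__ == "__main__":
    for label, block in (("post", POST_BLOCK), ("odd", ODD_BLOCK)):
        print(label, summarize(block), "exact:", exact_cover(block),
              "overreach:", overreach(block))
```

For the odd block the exact cover is two routes (172.16.12.0/22 and 172.16.16.0/24), which is what you would actually advertise; the /19 from the bit-counting procedure is correct arithmetic but the wrong route.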

How to: FortiGate DHCP Address Reservation

Here is something I have used a lot in day-to-day work: DHCP address reservation.

You can only configure it from the CLI, so you will need to get in via console, Telnet, or the web GUI (the CLI console widget on the Status dashboard).
Here is how you do it on Fortinet FortiGates:

config system dhcp reserved-address
edit "Carlos"
set ip 192.168.1.10
set mac 00:21:70:8B:79:DD
next
end

ip is the IP address you are assigning to the client
mac is the MAC address of its wired or wireless network card

You MUST type end and hit Enter or the change won't be saved.

You must enter the MAC address in the 00:21:70:8B:79:DD format; the 00-21-70-8B-79-DD format (the way Windows ipconfig shows it) is not accepted.
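As an added example (not from the original post), here is a small Python generator for that CLI block which takes care of the two things that bite in practice: it converts MAC addresses from the hyphen or Cisco dotted form into the colon form FortiOS wants, refuses a reserved IP that is outside the DHCP server's subnet or a duplicate, and always closes with end. The reservation list and the 192.168.1.0/24 pool are constructed; only the first entry is the one from the post.

```python
import ipaddress
import re
from typing import Iterable, Tuple

# Hypothetical reservations: the first is the one from the post, the other
# two are made up to show MAC formats that FortiOS will not take as typed.
RESERVATIONS = [
    ("Carlos", "192.168.1.10", "00:21:70:8B:79:DD"),
    ("Manager-laptop", "192.168.1.11", "00-1A-2B-3C-4D-5E"),   # Windows ipconfig style
    ("Printer", "192.168.1.12", "001a.2b3c.4d60"),             # Cisco style
]
POOL = ipaddress.ip_network("192.168.1.0/24")   # assumed DHCP server subnet


def normalize_mac(mac: str) -> str:
    """Accept 00:21:70:8B:79:DD, 00-21-70-8B-79-DD, 0021.708B.79DD or bare hex and
    return the colon-separated form the post says FortiOS requires. Anything that
    is not exactly 12 hex digits plus separators is rejected."""
    if re.search(r"[^0-9A-Fa-f:.\-]", mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def render_reservations(entries: Iterable[Tuple[str, str, str]],
                        pool: ipaddress.IPv4Network) -> str:
    """Emit one `config system dhcp reserved-address` block, refusing IPs that
    are outside the pool and duplicate IPs or MACs, and always closing with
    `end` (without it FortiOS discards the edits)."""
    seen_ips, seen_macs = set(), set()
    lines = ["config system dhcp reserved-address"]
    for name, ip, mac in entries:
        addr = ipaddress.ip_address(ip)
        if addr not in pool:
            raise ValueError(f"{name}: {ip} is outside {pool}")
        mac_n = normalize_mac(mac)
        if addr in seen_ips or mac_n in seen_macs:
            raise ValueError(f"{name}: IP or MAC already reserved")
        seen_ips.add(addr)
        seen_macs.add(mac_n)
        lines += [f'    edit "{name}"', f"        set ip {addr}",
                  f"        set mac {mac_n}", "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_reservations(RESERVATIONS, POOL))
```

Paste the output into the CLI console as one block; because the script validates before it prints anything, a bad entry fails the whole batch instead of leaving a half-entered config behind.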

Now you may ask, why would I want to do this?
I'll give you a scenario:

You have a small business client, and its network administrator asks you to make the manager's laptop always get a specific IP. He can't set it statically on the laptop because the manager uses it outside the company and needs DHCP enabled on his wireless card; he knows nothing about IPs, static addressing, etc.
If a static IP were set on the laptop, the manager would not be able to connect at public APs or at home, because the wireless card would be carrying the company's address.
So how do you fix it?
By putting an address reservation on their FortiGate (assuming it is the only DHCP server on their network).
With this, his wireless card stays on DHCP, he gets the specific IP he needs while in the company, and anywhere else he connects to any DHCP network without changing anything on his network card.

This is really useful.