Netprojnetworks Blog
Netprojnetworks is a service delivery company specializing in wireless networks, spectrum analysis, mobility and wireless security.
7M ago
TCP Startup Connection Process
The TCP startup connection process begins with a handshake between two hosts.
One host initiates the handshake with another host for the following reasons:
To ensure that the destination host is available.
To ensure that the destination host is listening on the destination port number.
To inform the destination host of the initiator’s sequence number so that the two sides can track data as it is transferred.
Step #1
Computer_X sends a TCP packet to WebServer_X.
Computer_X initiates a TCP request to WebServer_X on TCP port 2023. Computer_X will use a randomly generated source port.
7M ago
ARP stands for Address Resolution Protocol. It is a communication protocol used in computer networks to map an IP address (Internet Protocol address) to a physical MAC (Media Access Control) address. ARP is essential for the proper functioning of Ethernet networks and is used to discover the hardware address of a device (such as a computer or a router) on the same local network segment when its IP address is known.
Here’s how ARP works:
When a device on a local network wants to communicate with another device using its IP address, it first checks its ARP cache (a table that stores recently re ..read more
7M ago
High-Level Groups and Profiles AP Groups
An AP group is a set of APs to which the same configuration is applied.
There is an AP group called “default,” to which all APs discovered by the controller are assigned. By using the “default” AP group, you can configure features that are applied globally to all APs.
I prefer creating new AP groups based on specific needs/requirements.
In the Aruba user-centric network, each AP has a unique name and belongs to an AP group.
It is important to know that you can create additional AP groups and assign APs to that new gro ..read more
8M ago
Part 1
Destination Alias
Network aliases can reference internal networks, groups of servers, or external servers.
Example Destination Aliases
Create the network destination rule.
netdestination corp-internal
  network 10.15.0.0 255.255.254.0
  network 10.15.2.0 255.255.255.0
  network 10.15.3.0 255.255.255.128
  network 10.15.3.128 255.255.255.192
  network 10.15.3.192 255.255.255.224
  network 10.15.3.224 255.255.255.224
Create a firewall policy.
ip access-list session ACL-PERMIT-INTERNAL-NETWORKS
  user alias corp-internal any permit
Associa ..read more
8M ago
Aruba’s configuration can be a bit confusing at times. The focus of the Aruba Campus Access Fundamentals, Implementing Aruba Campus Access, and ACMP building blocks is to bridge the basic configuration gaps.
Policy Enforcement Firewall
A firewall policy is a set of rules that examines where the packet is coming from, its destination, and what type of packet it is.
Firewall policies can allow or deny traffic based on user type or flows.
After the firewall policy is created, the user role can be created.
User roles are a set of firewall policies, along with other non-firewall-related items. Examp ..read more
8M ago
R5
!
interface Tunnel2023
 ip address 172.16.0.5 255.255.255.0
 no ip redirects
 ip mtu 1476
 ip nhrp map multicast dynamic
 ip nhrp network-id 555
 ip nhrp registration timeout 10
 ip nhrp redirect
 ip tcp adjust-mss 1436
 tunnel source Ethernet0/0.100
 tunnel mode gre multipoint
end
router eigrp CWNE387
 !
 address-family ipv4 unicast autonomous-system 387
  !
  af-interface Tunnel2023
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 5.1.1.5 0.0.0.0
  network 5.1.2.5 0.0.0.0
  network 150.1.5.5 0.0.0.0
  network 172.16.0.5 0.0.0.0
exit-address-famil ..read more
8M ago
Phase 3 requires mGRE tunnels similar to Phase 2, with tunnels on the hub and spokes of the DMVPN.
Adding an NHRP redirect allows the data plane of the spoke-to-spoke conversations to join the spokes directly without going through the hub.
This eliminates the requirement to conduct IP CEF resolution.
Phase 3 allows the spokes to support NHRP resolution requests, meaning that the hub is NOT the only device that contains the NHRP database.
High-Level Operations
The spokes register their mappings with the hub.
This allows the hub and spokes to discover and establish adjacencies dynamically ..read more
8M ago
For dynamic spoke-to-spoke tunnels to form, the spokes require multipoint tunnels.
Static entries for the hub are required on the spoke. Without the static entries, the NHRP registration cannot be sent.
DMVPN Phase 2 with static mapping restrictions:
Summarization is not allowed on the hub.
Default routing is not allowed on the hub.
The spoke must always maintain next-hop reachability.
R5 Hub
R5(config-if)#do show run int t2023
interface Tunnel2023
 ip address 172.16.0.5 255.255.255.0
 no ip redirects
 ip mtu 1476
 ip nhrp map 172.16.0.1 169.1.100.1
ip nhrp map 172.16.0.2 169.1.100.2 ..read more
8M ago
The hub router must be configured with multipoint.
The spokes must be configured with point-to-point.
The hub router must be configured to perform dynamic mappings.
Dynamic mappings allow for a much more scalable configuration.
How does this work?
When a spoke initially connects to the DMVPN network, it registers its tunnel-IP-address-to-NBMA-IP (PUBLIC IP) mapping with the hub router.
The hub will acknowledge the registration by sending back the registration message that was initiated by the spoke with a success code.
The registration enables the mGRE interface on the hub router to build a ..read more
8M ago
Network Type                       DR/BDR  Hello Type (Unicast/Multicast)  Hello/Dead/Wait Intervals
Point-to-Point                     NO      Multicast                       10/40/40
Point-to-Multipoint                NO      Multicast                       30/120/120
Point-to-Multipoint Non-broadcast  NO      Unicast                         30/120/120
Broadcast                          YES     Multicast                       10/40/40
Non-Broadcast                      YES     Unicast                         30/120/120
Point-to-Point
R6(config-subif)#do show ip ospf int e0/1.146
Ethernet0/1.146 is up, line protocol is up
Internet Address 155.1.146.6/24, Area 0, Attached via Interface Enable
Process ID 1, Router ID 150.1.6.6, Network Type POINT_TO_POINT, Cost: 10
Topology-MTID Cost Disabled Shutdo ..read more