Saturday, December 30, 2006

Configure Cisco DSL Routers

I have just finished configuring my Cisco 1720 router with an ADSL WIC module installed. I'll show you step by step how to do that:

connect your router with the console cable
say 'no' for initial configuration

configure terminal mode
# conf term

change the enable secret password
# enable secret

change the hostname
# hostname adslrouter

assign IP address to the ethernet adapter (private IP address), use NAT
# int fastethernet 0
# ip address 192.168.0.254 255.255.255.0
# ip nat inside
# no shut
# exit

configure ATM interface
# int atm0
# no ip address
# no atm ilmi-keepalive
# dsl operating-mode auto
# no shut
# exit

configure ATM sub-interface
# int atm0.1 point-to-point

! find the PVC from your ISP
# pvc 8/35
# encapsulation aal5mux ppp dialer
# dialer pool-member 1
# exit
# exit

configure dialer interface
# int dialer 1

! if you get IP address from your ISP's DHCP, otherwise assign static address
# ip address negotiated

! access list for inbound traffic
# ip access-group 110 in

# ip nat outside
# encapsulation ppp
# dialer pool 1

! PPP authentication: username and password from your ISP
# ppp authentication chap callin
# ppp chap hostname <username@domain.com>
# ppp chap password
# exit

! NAT for internal clients
# ip nat inside source route-map NAT interface Dialer1 overload

! Port forwarding to internal firewall
# ip nat inside source static tcp 192.168.0.10 22 interface Dialer1 22

# ip classless

! static route to dialer interface
# ip route 0.0.0.0 0.0.0.0 Dialer1

! access list for inbound connection to Dialer 1
# access-list 110 remark Inbound traffic to internal firewall
# access-list 110 remark Allow access to HTTPS from everywhere
# access-list 110 permit tcp any any eq 443
# access-list 110 remark Allow access to SSH only from X
# access-list 110 permit tcp host a.b.c.d any eq 22

! DNS replies are UDP, which is connectionless and so never matches the 'established' entry below; this entry is needed
# access-list 110 remark Allow DNS inbound
# access-list 110 permit ip host a.b.c.d any

! If you have SMTP server
# access-list 110 permit tcp any any eq smtp

! allow all established connections
# access-list 110 permit tcp any any established
# access-list 110 permit icmp any any

! deny all
# access-list 110 deny ip any any

! access list for route-map, being used by the ip nat
# access-list 150 remark NAT Traffic from Inside
# access-list 150 permit ip 192.168.0.0 0.0.0.255 any

# dialer-list 1 protocol ip permit

# route-map NAT permit 10
# match ip address 150

save it
# wr mem
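
An added example, not part of the original post: a small first-match evaluator for ACL 110 above, for checking what the list admits before it is applied to Dialer1. The two a.b.c.d placeholders are replaced with constructed documentation addresses, and the function names are this example's own.

```python
import ipaddress

# ACL 110 as posted; a.b.c.d replaced by constructed documentation addresses
# (198.51.100.7 = SSH admin host, 203.0.113.53 = DNS server).
ACL_110 = """\
access-list 110 permit tcp any any eq 443
access-list 110 permit tcp host 198.51.100.7 any eq 22
access-list 110 permit ip host 203.0.113.53 any
access-list 110 permit tcp any any eq smtp
access-list 110 permit tcp any any established
access-list 110 permit icmp any any
access-list 110 deny ip any any
"""
NAMED_PORTS = {"smtp": 25}

def take_addr(tok):
    """Consume 'any' or 'host <ip>'; return (address or None, remaining tokens)."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_address(tok[1]), tok[2:]
    raise ValueError("unsupported address spec: " + " ".join(tok))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[2] == "remark":
            continue
        src, rest = take_addr(tok[4:])
        _dst, rest = take_addr(rest)  # always 'any' in this ACL, so not matched on
        port = None
        if rest[:1] == ["eq"]:
            port = NAMED_PORTS.get(rest[1]) or int(rest[1])
        rules.append({"line": line, "action": tok[2], "proto": tok[3], "src": src,
                      "dport": port, "est": "established" in rest})
    return rules

def evaluate(rules, proto, src, dport=None, ack_or_rst=False):
    """First-match evaluation; 'established' only tests the TCP ACK/RST bits."""
    src = ipaddress.ip_address(src)
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and r["src"] in (None, src)
                and r["dport"] in (None, dport)
                and (ack_or_rst or not r["est"])):
            return r["action"], r["line"]
    return "deny", "implicit deny"

RULES = parse_acl(ACL_110)
```

Evaluating a few packets shows that the `permit ip host` entry admits every protocol and port from that host, not only DNS replies, and that `established` is a stateless flag test rather than connection tracking.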

Wednesday, December 27, 2006

Cisco BSCI Exam Passed!

Yes, today I passed the 642-801 BSCI Cisco exam with a score of 868!!
BSCI is all about:
  • Routing protocols - RIP, IGRP, OSPF, EIGRP, ISIS, BGP
  • eBGP and iBGP
  • Redistribution of various routing protocols
  • Route filters, distribute-list, route policy
  • and of course all the CCNA topics

There were 2 simulation questions that took quite a while for me to answer :)
This is the first of the four exams that need to be done to get CCNP.

Thursday, December 21, 2006

Get the users' memberOf from Active Directory

Sometimes you need to audit your enterprise users and make sure they are members of the proper security groups and distribution lists within your Active Directory.

Here is the code in VBScript, talking to AD over LDAP:

On Error Resume Next
Dim OutPutFile, FileSystem

Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("users.txt", True)

'-- Number value of the error returned by ADSI if the
'-- memberOf attribute cannot be found.
'==================================================
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

'-- Bind to the Users container
'==============================
Set objOU = GetObject("LDAP://OU=Users,dc=domain,dc=com")

'-- Filter the container so only user accounts are enumerated.
'==========================================
objOU.Filter = Array("user")

'-- Control Loop
'===============
For Each objUser In objOU
    OutPutFile.WriteLine objUser.cn & " is a member of: "

    '-- Use the GetEx method to initialize the array for group
    '-- membership. The Get method cannot be used as it does not support
    '-- multivalued attributes (a user can be a member of many groups).
    '==============================================================
    arrMemberOf = objUser.GetEx("memberOf")

    '-- If the error is not raised from ADSI, then list the
    '-- groups that are entries within the arrMemberOf array.
    '-- If the error is raised, clear it and continue with the next user.
    '========================================================
    If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group In arrMemberOf
            OutPutFile.WriteLine vbTab & Group
        Next
    Else
        Err.Clear
    End If
Next

'Clean up
OutPutFile.Close
Set FileSystem = Nothing

Friday, December 15, 2006

Mindsharp SharePoint 2007

I attended the Mindsharp SharePoint 2007 Administrators course last week in Sydney. It was really a very good course for SharePoint 2007, with a lot of new stuff in SharePoint 2007: great design, deployment architecture, DR strategy and flexibility.

The instructor's name is Milan Gross. He showed almost everything with SharePoint 2007.

I am doing the planning and design with SharePoint 2007 right now. I'll post the basic step-by-step installation from scratch shortly.