Posts

Showing posts from 2018

Cisco NSO (Tailf)

Installation of NCS/NSO natively on Linux

* Install Java 1.8:

    cisco@NSO:~$ sudo apt install openjdk-8-jre
    cisco@NSO:~$ sudo java -version
    java version "1.8.0_51"
    Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
    Java HotSpot(TM) 64-Bit Server VM

* Install ant:

    cisco@NSO:~$ sudo apt install ant -y
    cisco@NSO:~$ ant -version
    Apache Ant(TM) version 1.9.6 compiled on July 20 2018

* Update System:

    cisco@NSO:~$ sudo apt update

* Install the NCS/NSO software in a local directory:

    cisco@NSO:~/nso-4.7.linux.x86_64$ sh nso-4.7.linux.x86_64.installer.bin $HOME/nsc-47/

* The installation program creates a shell script file named ncsrc in each NCS/NSO installation, which sets the environment variables. Source this file to get these settings in your shell. You may want to add this sourcing command to your login sequence, such as .bashrc.

    cisco@NSO:~$ source /home/cisco/nsc-47/ncsrc

* Create a runtime directory where NCS/N

Cisco Nexus: Configuration VXLAN.

VXLAN configuration on Cisco Nexus !!!

First: Legacy method: connect two servers by a trunk VLAN.
Second: VXLAN method: connect two servers by a VXLAN tunnel.

First Method:

NXOS-L:

    vlan 2
    interface Ethernet1/2
      switchport access vlan 2
      spanning-tree port type edge
      no shutdown
    interface Ethernet1/1
      switchport mode trunk
      spanning-tree port type network
      no shutdown

NXOS-R:

    vlan 2
    interface Ethernet1/2
      switchport access vlan 2
      spanning-tree port type edge
      no shutdown
    interface Ethernet1/1
      switchport mode trunk
      spanning-tree port type network
      no shutdown

Result:

-------------------------------------------------------------------------------------------------

Second Method: VXLAN !!

NXOS-L:

    feature ospf
    interface Ethernet1/1
      no switchport
      ip address 10.3.4.3/24
      ip router ospf 1 area 0.0.0.0
      ip ospf network point-to

Configure Firewall Policy on Cisco Router !!!

Configure a firewall policy on a Cisco router to allow ports 80 & 443 and deny everything else !!!

A route is configured between CLIENT and WEB_SERVER, and all services are running.

To allow HTTP & HTTPS and deny others:

1- Create Two Zones INPUT & OUTPUT
2- Create Class Map-Inspection
3- Create Policy Map --- Protocol Inspection
4- Create Zone Pair

TEST:

Allow HTTP & HTTPS from Client to Server:

Deny other services:

-----------------------------------------------------------------------------------------------------------

Good Luck
https://www.linkedin.com/in/ahmedms/

Firewall 101: FortiGate Labs

FortiGate labs

1- Initial Configuration: Create two zones (INTERNAL (Port2) - OUTPUT (Port1))
2- Create a default route (static) from INTERNAL to WAN:
3- Rule: allow INTERNAL ZONE [PING & DNS] services:
4- Rule: allow INTERNAL ZONE [HTTP - HTTPS - DNS] services and deny [ping]
5- Enable Security Profiles: Anti-Virus profile: EICAR test virus download (.txt)
   ## Apply AV Profile:
   Result:
6- Apply Application Control to block facebook.com & Facebook services for the LAN zone
   Edit Policy:
7- Block Facebook chat only for the LAN zone:

--------------------------------------------------------------------------------------------------------------------

The difference between VLANs and VLAN interfaces

The difference between VLANs and VLAN interfaces

An SVI (switched virtual interface) is normally found on switches (Layer 3 and Layer 2). With SVIs, the switch recognizes the packet destinations that are local to the sending VLAN and switches those packets, while packets destined for different VLANs are routed.

Note: An SVI cannot be activated unless the VLAN itself is created and at least one physical port is associated and active in that VLAN. Unless the VLAN is created, there will be no spanning tree instance running, hence the line protocol will be down for the SVI VLAN.

SW:

    !
    vlan 10-11
    !
    interface GigabitEthernet0/0
     switchport access vlan 10
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/1
     switchport access vlan 11
     media-type rj45
     negotiation auto
    !
    !
    interface Vlan10
     ip address 10.0.0.1 255.0.0.0
    !
    interface Vlan11
     ip address 11.0.0.1 255.0.0.0
    !
    ip routing
    !
    !

------------

Configure MPLS L2 VPN (VPLS) between two branches !!!

Configuring MPLS L2 VPN (VPLS) between two branches !!!

Your tasks are:

1- Do not assign an IP address to R2 (f0/0) or R5 (f0/1).
2- Apply the RIP v2 routing protocol on R1 & R6.
3- Apply OSPF on R2-R3-R4-R5, but R2 (23.0.0.0 & 2.2.2.2) has no route to 16.0.0.0, and the same for R6.
4- The company has two branches (16.0.0.1 - 16.0.0.6).
5- MPLS does not need to know the customers' networks on the PE & P routers, so the customer network does not need to be routed into the core.

R1:

    en
    conf t
    interface f0/0
     no shutdown
     ip address 16.0.0.1 255.0.0.0
    interface loopback 0
     ip address 1.1.1.1 255.255.255.255
    router rip
     network 16.0.0.0
     network 1.0.0.0
     version 2
     no auto-summary
    end
    wr me

---------------

R2:

    en
    conf t
    mpls ip
    interface f0/1
     no shutdown
     ip address 23.0.0.3 255.0.0.0
     mpls ip
    interface loopback 0
     ip address 2.2.2.2 255.255.255.255
    router ospf 1
     network 23.0.0.0 0.255.255.255 area 0
     network 2.0.0.0 0.255.255.255 area 0
    end
    wr me

--------------------

R