ip-stories.com

1. Router A
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.53.130/23
vrrp-group 100 {
virtual-address 192.168.53.129;
priority 100;
accept-data;
}
}
address 192.168.54.130/23 {
vrrp-group 200 {
virtual-address 192.168.54.129;
priority 100;
accept-data;

2. Router B
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.53.131/23
vrrp-group 100 {
virtual-address 192.168.53.129;
priority 200;
accept-data;
}
}
address 192.168.54.131/23 {
vrrp-group 200 {
virtual-address 192.168.54.129;
priority 200;
accept-data;

by Joko Mahendro (IIX Volunteer)

Multicast can become a head ache in a narrow bandwidth infrastructure.
Anyway, IGMP helps much more to implement related multicast technologies such IPTV..
Specially to reduce the multicast bandwidth which can occupy all the way path to the end user.

Let say, there are 50 channels of TV needed to be streamed out from an IPTV head end.
Each of channel requires 2 Mbps of bandwidth.
Without IGMP, the total bandwidth broadcasted UDP ly.. to end user : 100 Mbps.
Therefor, user with limited bandwidth cannot accommodate and tolerance against this requirement.

By enabling IGMP, end user only needs 2 Mbps of bandwidth to play the IPTV channel.
And if the STB Off, no unwanted multicast bandwidth coming

Wiki Doc –

IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. IGMP snooping, as implied by the name, is a feature that allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicast may be filtered from the links which do not need them.

The configuration (we are streaming two channels to all over network).

interface vlan23
ip address 192.168.10.254/24
ip igmp snooping querier

If you want to view statistics for ONT,
You need to configure PM (Performance Management) for ONT as follows.

gpon-omch
onu pm 3/3 1

The output

GPON-OLT# show gpon onu real-bps 3/3 1 1

================================================================================
|   ONU   | UNI |        TIME        |         TX         |         RX         |
——————————————————————————–
|  3/3  1 |   1 | 15:14:36- 15:14:59 |      1,989,197 bps |              0 bps |
================================================================================

GPON-OLT# show gpon onu real-bps 3/3 1 1

================================================================================
|   ONU   | UNI |        TIME        |         TX         |         RX         |
——————————————————————————–
|  3/3  1 |   1 | 15:14:36- 15:14:59 |      1,989,197 bps |              0 bps |
================================================================================

Thanks to Choo, LS Cable Korea.

a. rahman isnaini r.sutan

Code:       Access-Request
Identifier: 176
Authentic:  )<181><21>S<201>l<152><17><194><203><248><172><240><147><216><214>
Attributes:
User-Name = “indrajaya”
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = “203.63.154.1″
NAS-Port = 1234
Called-Station-Id = “123456789″
Calling-Station-Id = “987654321″
:$
Mon Jan  2 14:05:08 2012: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ….
Code:       Access-Challenge
Identifier: 236
Authentic:  b!7<139><177>kc<154>h<131><178>ug<182>A<206>
Attributes:
EAP-Message = <1><9><0>+<25><0><23><3><1><0> <217><15><128><253><207>9<250><214><239>(<129>9<174>-n<149>u<27><203>[<171><190><188><14><1>9<15><245><250>O<23><9>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  2 14:05:10 2012: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code:       Access-Request
Identifier: 237
Authentic:  <233><246><143><127><234><167>4<152><229>c<228>GH<219>+<242>
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "88-AE-1D-30-2C-4A"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = <2><9><0>+<25><0><23><3><1><0> <238><240><228><208>!a<188><131><13>S<204>@X&C<137>w@'<22><212>asrU<165>%<186>C]<206>8
Message-Authenticator = <169><216><255><153> <182>xx<130><243><160>\<170><191><128><127>

Mon Jan  2 14:05:10 2012: DEBUG: Handling request with Handler ”, Identifier ”
Mon Jan  2 14:05:10 2012: DEBUG:  Deleting session for indrajaya, 202.53.249.28, 50011
Mon Jan  2 14:05:10 2012: DEBUG: do query is: ‘delete from RADONLINE where NASIDENTIFIER = ‘202.53.249.28′ and NASPORT = 050011′:
Mon Jan  2 14:05:10 2012: DEBUG: Handling with Radius::AuthSQL:
Mon Jan  2 14:05:10 2012: DEBUG: Handling with Radius::AuthSQL:
Mon Jan  2 14:05:10 2012: DEBUG: Handling with EAP: code 2, 9, 43, 25
Mon Jan  2 14:05:10 2012: DEBUG: Response type 25
Mon Jan  2 14:05:10 2012: DEBUG: EAP result: 0,
Mon Jan  2 14:05:10 2012: DEBUG: AuthBy SQL result: ACCEPT,
Mon Jan  2 14:05:10 2012: DEBUG: Access accepted for indrajaya
Mon Jan  2 14:05:10 2012: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ….
Code:       Access-Accept
Identifier: 237
Authentic:  <154>:<154><165><152><5><28><151><197>Z<15><243>7<189>E<210>
Attributes:
EAP-Message = <3><9><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
MS-MPPE-Send-Key = 8<131><251><239><153><230>L<239>oY]<8><3><163><246><229><158><152><2><147><7><14><199><20>o<0><243>U<203>k<132><194>
MS-MPPE-Recv-Key = <243>_/<240>9z<242><214><229><181><218><217><4>tO<210><15>^<231><175>j<227><229><127><199><185>8<200><167>D<224>|

What you need is :

1. Certificate (You can use self signed certificate)
Save to a directory and load it.

2. Start Wired Authentication Service (go to services)

3. TCP/IP authentication configuration
Go to Authentication Tab, Enable IEEE 802.1x Authentication,
Go to Setting, Validate Server Certificate and chose your Trusted root certification authorities
(Self signed certificate you have created and loaded, should appear and check for that)

4. Plug your cable in to the fast ethernet 0/11 port..
Your network icon would pop you up with message that you need to enter credential information.
Just click and enter your account which created at the radius.

Form that has been created, somehow needed to be modify.
Without opening the Developer Toolbar, you cannot just click the form (check box) and edit the text near to the check box.

Here’s the way how to edit the text of the Form.

Now click “Design Mode” in Developer Tab and Control menu
You can edit the text near to check box by double click them, and new VB windows opened.

The text is editable now on the “caption” (alphabetic tab - left corner pane)

– sh ver catalyst –

Cisco Internetwork Operating System Software
IOS ™ C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA7, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 27-Jan-06 21:19 by antonino
Image text-base: 0×80010000, data-base: 0×8056A000

ROM: Bootstrap program is C2950 boot loader

SW-ANNEX-2 uptime is 2 weeks, 1 hour, 41 minutes
System returned to ROM by power-on
System restarted at 12:09:09 WIB Mon Dec 19 2011
System image file is “flash:c2950-i6q4l2-mz.121-22.EA7.bin”

cisco WS-C2950G-24-EI (RC32300) processor (revision C0) with 21004K bytes of memory.
Processor board ID FOC0632S00X
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0A:8A:FC:DB:80
Motherboard assembly number: 73-7280-04
Power supply part number: 34-0965-01
Motherboard serial number: FOC06310TVQ
Power supply serial number: PHI062908XB
Model revision number: C0
Motherboard revision number: B0
Model number: WS-C2950G-24-EI
System serial number: FOC0632S00X
Configuration register is 0xF

– config –

aaa new-model
aaa authentication banner ^Cocal Access ^C
aaa authentication dot1x default enable group radius

dot1x system-auth-control (This command is mandatory and available from version 12.1(14)-EA7)
dot1x guest-vlan supplicant

interface FastEthernet0/11
description TO-LAN-AUTH-TEST
switchport access vlan 111
switchport mode access
dot1x port-control auto

radius-server host 192.168.55.75 auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server key #######

– log –

Read the rest of this entry »

So, you have forgot your uninstall password for Network Agent ?
So do I

Anyway,

Here the steps :

1. Go and Login to Master Server (KSC)
2. Go to Managed Computers
3. Open Policies Tab
4. Select Policy - KSC Network Agent
5. Right click to go to Properties
6. Open Setting
7. Click modify
8. Change your password and retype confirm password
9. OK
10. Select all client or right click managed computers / group.
11. Do “force sync”
12. Wait for a minute (depends on the link)
13. Now you can uninstall network agent

rgs
a. rahman isnaini r.sutan / Hamzah Sam (Optima Kaspersky)

For some reasons,
We need to extend a direct PSTN line from Operators at one site using IP based Media Gateway to far and away location which running on GPON ONT at the other site.
Here I have been successfully extend Direct PSTN Line via GPON Topology.

Both incoming and outgoing calls were successfully working.
Unless one thing, the handset was not ringing for incoming which just I believed we missed one parameter which would be worked out soon.

MG IP Address (site A) : 192.168.249.125
OLT IP Address (site B) : 192.168.234.134

The network scheme :

Operator PSTN - PBX - [FXS] Media Gateway - IP Network - GPON [OLT] - GPON [ONT] - Handset

1. At Media Gateway Site A point peer to OLT IP Address 192.16.237.134 (not ONT)
Since ONT is fully managed and worked under OLT
2. At Media Gateway Site A configure 1001/1001 > user/password as this would be set on OLT
3. OLT Configuration [LS Cable]

! (configure ONT IP Address on Module/Port PON 3/1 2)
onu interface voip 3/1 2 192.168.228.244/29 192.168.228.241
! (configure peer address / Media Gateway IP Address)
gpon-sip server 2 192.168.249.125 192.168.249.125 192.168.249.125
! (configure dns for ONT 3/1 2 pointed to MG IP address site A)
gpon-sip agent 3/1 2 dns 192.168.249.125
! (configure sip server for VoIP ONT pointed to MG IP address site A)
gpon-sip agent 3/1 2 srv 2 3600 360
! (configure directline numbers username password and MG IP address)
gpon-sip pots 3/1 2 1 73880511 1001 1001 192.168.249.125
! (configure hotline for the purpose of : when handset is picked up then ONT will dial automatically to MG using username & password given)
gpon-sip pots 3/1 2 1 hotline 1001@202.53.249.125

a. rahman isnaini r.sutan / nicko retino / Hyun Jin Do

Spec Slave :

Win Server 2003 SP2.
Win Server 2008
Win XP Professional SP3

CPU : Dual Core, 2 GB, Disk 100 GB Idle. > Managed up to 500 endpoints

Steps of installation slave server KSC di client

1. Install Network Agent only on KSC Slave
Network agent is derived from extracting KSC software on folder Server.
On Agent steup, put the Master Server IP address.
2. Connect to Master & Check by web is fine : http://master-ip-address whether it’s appear or not
3. Once it’s listed on Master, Remove Network Agent
4. Install KSC software
5. Add Slave Server on Master at Administration Menu Add Slave Server

a. Add Slave IP Address
b. Add Slave-Name (whatever)
c. Add Master IP Address
d. Add Slave Admin account and password
e. Finish
f. Try to connect to Slave after add slave server done

Please ensure that slave and master linked.