Popular Microcontrollers

Embedded systems are not just complex projects in electronics laboratories; they are present in everyday devices. Every mobile device, electric toy or kitchen appliance has an electronic board which usually includes a programmable device, a microcontroller. This is a special microprocessor with peripheral devices and I/O ports. Depending on the production volume of the device, the manufacturer can decide whether to develop an ASIC (a dedicated integrated circuit which performs all functions for this device) or to make a standard board with discrete components. In both cases a microcontroller is used, either as a soft core in the ASIC or as a standard integrated circuit.

There is a plethora of choices, from open-source projects to various IP cores with significant royalties for each device. Despite this choice, there are a few microcontroller families that are popular because of their flexibility, powerful development tools or historical reasons.

ARM

This is currently the hottest RISC core, used in almost all mobile phones, portable devices and many other applications. It has a powerful instruction set and low power consumption, offers easy integration, and there are many good tools for easy development and debugging. The ARM core is also used in many popular microcontroller families from Atmel, Luminary Micro (now Texas Instruments), NXP and many other manufacturers. These microcontrollers are very popular among embedded engineers and are used in various applications, from the automotive industry to hobby projects.

AVR

This is one of the most popular microcontroller families from Atmel. It is also very popular among hobby engineers and it is used in many projects, from simple LED controllers to complex communication devices. The RISC architecture offers fast execution and low power consumption. Development tools are available for free, which is a great bonus for electronics enthusiasts. AVR is a direct competitor to Microchip’s PIC. Some favor AVR, others like PIC. There is no clear winner. Both families work well. It is up to the developer/programmer which one he likes or prefers.

PIC

This is a leading microcontroller family from Microchip. PICs are available in very small packages with only a few pins and also as powerful 32-bit microcontrollers with many peripheral modules and I/O pins. They are very popular among hobby engineers: in hobby projects you will find either AVR or PIC.

8051

This is a very old 8-bit microcontroller architecture that has managed to survive for more than 30 years. Many excellent compilers, a lot of code examples and simple development have contributed to the popularity of this family. This core is still used in many modern microcontrollers from Silabs, NXP, Atmel and many other microcontroller manufacturers. It is very likely that the 8051 is the most widely used core in embedded applications. Of course, many new designs will probably use ARM or some other advanced architecture, but because of the popularity of the 8051 family in the past and the availability of development tools it is still used in many applications.


Information Technology Problem Solving – The 6 Principles of Scientific Problem Solving

This paper will explain a scientific approach to problem solving. Although it is written to address Information Technology related problems, the concepts might also be applicable in other disciplines. The methods, concepts, and techniques described here are nothing new, but it is shocking how many “problem solvers” fail to use them. In between I will include some real-life examples.

Why do problem solvers guess instead of following a scientific approach to problem solving? Maybe because it feels quicker? Maybe a lack of experience in efficient problem solving? Or maybe because it feels like hard work to do it scientifically? Maybe while you keep on guessing and not really solving, you generate more income and add some job security? Or maybe because you violate the first principle of problem solving: understand the problem.

Principle #1. Understand the *real* problem.

Isn’t it obvious that before you can solve, you need to understand the problem? Maybe. But most of the time the solver will start solving without knowing the real problem. What the client or user describes as “The Problem” is normally only the symptom! “My computer does not want to switch on” is the symptom. The real problem could be that the whole building is without power. “Every time I try to add a new product, I get an error message” is the symptom. Here the real problem could be “Only the last 2 products I tried to add gave a ‘Product already exists’ error”. Another classic example: “Nothing is working”…

You start your investigation by defining the “real problem”. This will entail asking questions (and sometimes verifying the answers), and doing some basic testing. Ask the user questions like “When was the last time it worked successfully?”, “How long have you been using the system?”, “Does it work on another PC or for another user?”, “What is the exact error message?” etc. Ask for a screen-print of the error if possible. Your basic testing will be to ensure the end-to-end equipment is up and running. Check the user’s PC, the network, the Web Server, Firewalls, the File Server, the Database back-end, etc. In the best case you will pinpoint the problem already. In the worst case you can eliminate a lot of areas as the cause of the problem.

A real-life example. The symptom according to the user: “The system hangs up at random times when I place orders”. The environment: The user enters the order detail on a form in a mainframe application. When all the detail is completed, the user will tab off the form. The mainframe then sends this detail via communication software to an Oracle Client/Server system at the plant. The Oracle system will do capacity planning and either return an error or an expected order date back to the mainframe system. This problem is quite serious, because you can lose clients if they try to place orders and the system does not accept them! To attempt to solve this problem, people started by:

1) Investigating the load and capacity of the mainframe hardware
2) Monitoring the network load between the mainframe and the Oracle system
3) Hiring consultants to debug the communication software
4) Debugging the Oracle capacity planning system

After spending a couple of months they could not solve the problem.

The “Scientific Problem Solver” was called in. It took less than a day and the problem was solved! How? The solver spent the day with the user to see what the “real problem” was. It was found that the problem only occurred with export orders. By investigating the capture screen and user actions, it was found that with export orders the last field on the form was always left blank and the user did not tab off this field. The system was not hanging; it was waiting for the user to press “tab” another time. Problem solved. It can be noted that the “Scientific Problem Solver” had very limited knowledge of the mainframe, of the order capturing system, of the communication software, and of the Oracle capacity planning system. And this brings us to Principle #2.

Principle #2. Do not be afraid to start the solving process, even if you do not understand the system.

How many times have you heard “I cannot touch that code, because it was developed by someone else!”, or “I cannot help because I am a HR Consultant and that is a Finance problem”? If your washing machine does not want to switch on, you do not need to be an Electrical Engineer, Washing Machine Repair Specialist, Technician, or whatever specialist to do some basic fault finding. Make sure the plug is working. Check the trip-switch, etc. “I have never seen this error before” should not stop you from attempting to solve. With the error message and an Internet search engine, you can get lots of starting points.

In every complex system there are a couple of basic working principles. System A that reads data from System B can be horribly complex (maybe a Laboratory Spectrometer that reads data from a Programmable Logic Computer via an RS-232 port). But there are some basics to test for: Do both systems have power? Is there an error message in the event log on one of these systems? Can you “ping” or trace a network packet from the one system to the other? Try a different communication cable. Search the internet for the error message.

Once you have established what the problem is, you need to start solving it. Sometimes the initial investigation will point you directly to the solution (switch the power on; replace the faulty cable, etc). But, sometimes the real problem is complex in itself, so the next principle is to solve it simple.

Principle #3. Conquer it simple.

Let’s start this section with a real-life example. Under certain conditions, a stored procedure will hang. The stored procedure normally takes about an hour to run (when it is not hanging). So, the developer tried to debug. He would make some changes and then wait another hour or so to see if the problem was solved. After some days the developer gave up and the “Problem Solver” took over. The “Problem Solver” had at his disposal the knowledge of under which conditions the stored procedure would hang. So, it was a simple exercise to make a copy of the procedure, and then to strip all unnecessary code from this copy. All parameters were replaced with hard-coded values. Bits of code were executed at a time and the result-sets were then again hard-coded into the copy of the procedure. Within 3 hours the problem was solved. An infinite loop was discovered.

What the “Problem Solver” did, was to replicate the problem and at the same time tried to isolate the code that caused the problem. In doing so, the complex (and time consuming) stored procedure became something fast and simple.

If the problem is inside an application, create a new application and try to simulate the problem inside the new application as simply as possible. If the problem occurs when a certain method for a certain control gets called, then try to only include this control in the empty application and call that method with hard-coded values. If the problem is with embedded SQL inside a C# application, then try to simulate the SQL inside of a Database Query tool (like SQL*Plus for Oracle, Query Analyzer for SQL Server, or use the code in MS Excel via ODBC to the database).

The moment you can replicate the problem in a simple way, you are more than 80% on your way to solving it.

If you do not know where in the program the problem is, then use DEBUG.

Principle #4. Debug.

Most application development tools come standard with a debugger. Whether it is Macromedia Flash, Microsoft Dot Net, Delphi, or whatever development environment, there will be some sort of debugger. If the tool does not come standard with a debugger, then you can simulate one.

The first thing you want to do with the debugger is to determine where the problem is. You do this by adding breakpoints at key areas. Then you run the program in debug mode and you will know between which breakpoints the problem occurred. Drill down and you will find the spot. Now that you know where the problem is, you can “conquer it simple”.

Another nice feature of most debuggers is the facility to watch variables, values, parameters, etc. as you step through the program. With these values known at certain steps, you can hard-code them into your “simplified version” of the program.

If a development tool does not support debugging, then you can simulate it. Put in steps in the program that output variable values and “hello I am here” messages either to the screen, to a log file, or to a database table. Remember to take them out when the problem is resolved… you don’t want your file system to be cluttered or filled up with log files!

Principle #5. There is a wealth of information on the database back-end that will help to solve a problem.

The “Problem Solver” was called to help solve a very tricky problem. A project was migrating a system from a mainframe to client-server technology. All went well during testing, but when the systems went live, all of a sudden there were quite a few, and quite random, “General Protection Faults”. (The GPF error was the general error trap in Windows 95 and 98.) Simplifying the code was tried and debugging was attempted, but the problem was impossible to replicate. In the LAB environment, the problem would not occur! Debugging trace messages to log files indicated that the problem occurred very randomly. Some users experienced it more than others, but eventually all users would get them! Interesting problem.

The “Problem Solver” solved this after he started to analyze the database back-end. Not sure if it was by chance or because he systematically moved in the right direction because of a scientific approach. Through tracing what was happening on the back-end level, it was found that all these applications were creating more and more connections to the database. Every time a user started a new transaction, another connection was established to the database. The sum-total of the connections was only released when the application was closed. As the user navigated to new windows inside the same application, more and more connections were opened, and after a specific number of connections the application would have had enough and crash. This was a programming fault in a template that was used by all the developers. The solution was to first test if a cursor to the database is already open, before opening it again.

How do you trace on the back-end database what is happening? The main database providers have GUI tools that help you to trace or analyze what queries are fired against the database. They will also show you when people connect, disconnect, or were unable to connect because of security violations. Most databases also include some system dictionary tables that can be queried to get this information. These traces can sometimes tell a whole story of why something is failing. The query code you retrieve from the trace can help to “simplify the search”. You can see from the trace if the program makes successful contact with the database. You can see how long it takes for a query to execute.
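The connection leak described above, and what a back-end trace shows of it, as an added Python example that is not code from the original project. Backend is a hypothetical stand-in for a database server with a session cap; the class names, user names and the cap of 8 are assumptions made for illustration.

```python
from collections import Counter


class Backend:
    """Hypothetical stand-in for a database server that caps open sessions."""

    def __init__(self, max_sessions):
        self.max_sessions = max_sessions
        self.sessions = {}   # session id -> client name (the "session table")
        self.next_id = 1

    def connect(self, client):
        if len(self.sessions) >= self.max_sessions:
            raise ConnectionError("session limit reached")
        sid = self.next_id
        self.next_id += 1
        self.sessions[sid] = client
        return sid

    def disconnect(self, sid):
        self.sessions.pop(sid, None)

    def sessions_per_client(self):
        """What a back-end trace reveals: open sessions grouped by client."""
        return dict(Counter(self.sessions.values()))


class LeakyApp:
    """Faulty template: every new window opens another connection."""

    def __init__(self, backend, user):
        self.backend = backend
        self.user = user
        self.sids = []

    def open_window(self):
        self.sids.append(self.backend.connect(self.user))
        return self.sids[-1]

    def close(self):
        # Connections are only released when the whole application closes.
        for sid in self.sids:
            self.backend.disconnect(sid)
        self.sids.clear()


class FixedApp(LeakyApp):
    """Corrected template: test for an open connection before opening one."""

    def open_window(self):
        if not self.sids:
            self.sids.append(self.backend.connect(self.user))
        return self.sids[0]


def run_session(app_cls, users, windows_each, max_sessions):
    """Each user opens windows in turn; returns (trace, crash, sessions_left)."""
    backend = Backend(max_sessions)
    apps = [app_cls(backend, user) for user in users]
    crash = None
    for step in range(windows_each):
        for app in apps:
            try:
                app.open_window()
            except ConnectionError:
                crash = (app.user, step + 1)   # who failed, on which window
                break
        if crash:
            break
    trace = backend.sessions_per_client()      # snapshot before anyone exits
    for app in apps:
        app.close()
    return trace, crash, len(backend.sessions)


if __name__ == "__main__":
    for cls in (LeakyApp, FixedApp):
        print(cls.__name__, run_session(cls, ["alice", "bob"], 10, 8))
```

With only a window or two per user, as in a short lab test, the leaky template never reaches the cap, which matches the failure appearing only in production use.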

To add to Principle#2 (do not be afraid to start…); you can analyze this trace information, even though you might not know anything about the detail of the application.

Remember though that these back-end traces can put a strain on the back-end resources. Do not leave them running for unnecessarily long.

Principle #6. Use fresh eyes.

This is the last principle. Do not spend too much time on the problem before you ask for assistance. The assistance does not have to be from someone more senior than you. The principle is that you need a pair of fresh eyes for a fresh perspective and sometimes a bit of fresh air by taking a break. The other person will look and then ask a question or two. Sometimes it is something very obvious that was missed. Sometimes just answering the question makes you think in a new direction. Also, if you spend hours looking at the same piece of code, it is very easy to start overlooking a silly mistake. A lot of finance balancing problems get solved over a beer. It could be a change of scenery and/or the relaxed atmosphere that will pop out the solution. Maybe it is the fresh oxygen that went to the brain while walking to the pub. Maybe it is because the problem got discussed with someone else.

Conclusion

After reading this paper, the author hopes that you will try these principles the next time you encounter a problem to solve. Hopefully, by applying these six principles you will realize the advantages they bring, rather than “guessing” your way to a solution.


How to Connect a USB Modem Wireless Router Ethernet

I currently have a USB broadband modem. I purchased a wireless router which has Ethernet connections. Currently, the modem is plugged into my computer downstairs which is running Windows 98; therefore, it won’t bridge the connections to my computer upstairs (XP). I can’t update to XP because a family member won’t ‘risk’ it.

Can I connect the USB broadband modem to my wireless router using a complicated selection of cable adapters, i.e. Ethernet to USB (I can’t find a USB to Ethernet adapter)? If this is not possible, if I plug the USB modem into my XP computer, can I bridge the connections to my Win 98 computer using the XP computer as the host?

I think there is Ethernet to USB out there currently but not USB to Ethernet. I don’t see any reason why you should not be able to hook up your USB modem to your XP computer and use it as a bridge to the 98 computer.

Of course, it would be nicer to have an all-in-one unit, but you can accomplish your goal with this equipment. You cannot use cable adapters to convert the modem’s USB into Ethernet. USB needs drivers to operate, and Ethernet connections do not provide those drivers to the device. You could also connect the modem to the XP machine and bridge connections, yes. But you can leave the system the way it is and configure it to run smoothly like this:

If I had the hardware in front of me, it would be easier to provide specifics… but I can probably give you an idea of what to do. There are only 2 steps here:

1. Configure an internet gateway.

2. Configure the router.

And the rest is easy.

1. Set up the internet machine to SHARE AN INTERNET CONNECTION (you can use the wizard if you want, or just enable Internet Connection Sharing), which will turn the 98 into an internet gateway. That gateway needs an IP address designated, however. In essence, the 98 machine will be the internet server, so the IP of the 98 machine is the IP of the gateway. Assign an address, for example: 192.168.1.1 to the 98 machine. The “192.168” is important, and the last strings you can stretch on, but for the sake of ease let’s keep it small. *TIP* The subnet mask will always be 255.255.255.0. Okay, that takes care of the host machine.

2. After you have an internet gateway, connect the wireless router, and console (or IP) in to the settings, usually by going into Internet Explorer and typing 192.168.0.1 into the address bar, and look for a slot for Internet Gateway. Type the address assigned in step 1. That’s that for the router. (There may be other settings necessary for your specific network, and if there are, be sure to configure those.)

Lastly, a few housekeeping tasks. Make sure the workgroup for both machines is identical. I usually use MSHOME as the workgroup. Also make sure that on the XP machine, your IP address is set to “Automatically Obtain IP address”, also known as DHCP.


Laptop Or Desktop, Which One is Better

This is an age old question that doesn’t necessarily have a right or wrong answer. Both laptop and desktop computers can be better than the other depending on the given situation and the individual needs of the person using each respective machine, but let’s go over some of the advantages and disadvantages of each and try and draw some conclusion from this debate.

What do you get with a desktop computer?

Obviously a desktop computer is larger than a laptop computer, but does that necessarily mean that it’s better? In some ways it does.

It’s easier for a desktop computer to have a bigger memory and to hold more RAM than a laptop computer simply because there is more space available for the storage.

The space in a desktop computer will often allow the user to choose almost unlimited accessories and options that a laptop computer just may not have the space to hold. Things like a top speed processor, the latest state of the art sound and graphics cards, extra ports for external linking and more than enough storage space for all of the programs, music and video clips that you’ll ever need.

The extra space also comes with one more big benefit that you don’t often find with a laptop – the ability to easily upgrade. This means that you can keep your machine from becoming obsolete for much longer by continually adding the latest programs, components and accessories.

The advantages of the laptop computer

The one glaring advantage a laptop computer holds over its desktop counterpart is portability. If you have a job that requires you to travel, or if you’re a student living in a closet-sized dormitory with three other students, a laptop computer is practically a necessity. No matter how powerful or fast your desktop computer is, you can’t unplug it, take it to the subway and finish writing your report while you travel.

Despite the common misconception that all desktop computers are more powerful than all laptops, the laptop computers of today have much better technology in them than the laptops of yesterday. You will pay more for a super powerful laptop than you will for the same caliber desktop, but then again, the lower price of the desktop won’t help you on the go.

So, how do you choose?

I think the above illustrations tell you that both types of computer can be the best, depending on situation. The key isn’t between choosing one over the other, it’s in choosing the best computer of the type that you choose.

You need to get online and do some research on the different brands of computers to find what the best and most reliable machines are. There are a slew of different manufacturers producing computers today. You need to find which manufacturer is producing the best reviewed computers of the type that you have determined that you need and base your decision on those facts.

Buying a computer from a reputable and reliable manufacturer will ensure that you get a high quality machine. This is a piece of equipment that will be a big part of your life, hopefully, for years to come; you shouldn’t look to get the cheapest price if it will mean that you are sacrificing quality. Never spend your hard earned money on a machine that has gotten a host of unfavorable reviews, or on a machine that you’ve never heard of.

You may end up paying a little bit more for a Samsung or Dell computer than you would for a lesser known brand, but with a Samsung or Dell you will know that you are getting a top quality computer that will last. With a lesser known brand, you never know what you’ll get.


Your VPN Doctor for Virtual Private Network Troubleshooting VPN Guide

Here are some troubleshooting guides for particular topics.

(1) Your Virtual Network Connection

(2) VPN Troubleshooting Error Messages

(3) VPN Modems Troubleshooting Guide

(4) VPN ISP Troubleshooting Guide.

(1) Your Virtual Private Network Connection

Having trouble connecting to the Internet at home? Try these steps before calling for help.

1. Do you have an IP address? Try ipconfig /all. If you do not have an IP address, reboot your PC. If that doesn’t work, power cycle your Cable/DSL modem and routers and reboot your PC again after the network devices are up and stable. Be sure all of your network cables are plugged in tight.

2. After your PC reboots check that your network adapter is active and packets are flowing. Perform the ipconfig /all check again.

3. Check your connectivity by pinging several Internet sites. If that does not work, ping the loopback address 127.0.0.1. If that fails, your adapter may not be working or it is not properly configured.

To check your IP address, enter ipconfig /all from a command prompt (as shown in the picture). You should see an IP Address and several DNS Server addresses. The domain name system (DNS) is the way that Internet domain names are located and translated into IP addresses and is required for browsing the Internet.

Ping 127.0.0.1 – loopback test (as shown in the picture). The loopback test is used to check if the IP stack is responding. If it times out or you get an error, one or more of the following conditions may be true:

*The TCP drivers are corrupted

*The network adapter is not working

*Another service is interfering with IP

To check your network adapter, click the Start menu, Settings, Control Panel, and select Network Connections. Double click on the Local Area Connection or the Wireless Adapter, whichever one you are using. Be sure it’s Connected. If you have multiple network cards, disable the one you are not using.

There should be Packets displayed in both the Sent and Received counters. If the Received counter is 0, check that the adapter has an IP address. Select Properties.

Click the check boxes for Show icon and Notify me below. A twin PC icon will appear on the lower right portion of the taskbar in the tray area and will flash while sending and receiving packets. You can place your mouse over the icon to get the status and click on it to get more details.

Tracert displays the connection path to the target location and the number of hops. Each hop is the trip from one router to another. Tracert is a handy tool both for understanding where problems are in the network and for determining latency between hops.

Ping is used to determine whether a host exists and is active on the network and can determine the round trip time to the device. You can enter a host name or an IP address if you know it. If the request times out, then the host is not reachable because it’s offline or there is a problem with the connection. Try several sites; if none work, then ping the loopback address 127.0.0.1. Also, if your DNS is not working or not properly configured, you can only ping the host with an IP address and you will not be able to browse the Internet.

If you are having intermittent problems, perform a ping -t for 5 to 6 minutes, then hit CTRL C to see the results of the test to determine if you are dropping network packets (lost packets). If you are, this usually indicates an ISP problem or Cable/DSL modem problem. See the VPN ISP Troubleshooting Guide.
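The ping -t check described above can be scored mechanically. The following Python sketch is an added example, not part of the original guide: it parses saved Windows ping output, counts lost probes and the longest run of consecutive losses, and separates a name-resolution failure from packet loss. The sample output, host name and addresses are constructed for illustration, and the result labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample of Windows `ping -t` output (documentation address ranges).
SAMPLE_PING_OUTPUT = """\
Pinging vpn.example.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=24ms TTL=56
Reply from 203.0.113.10: bytes=32 time=27ms TTL=56
Request timed out.
Request timed out.
Request timed out.
Reply from 203.0.113.10: bytes=32 time=310ms TTL=56
Reply from 192.168.1.1: Destination host unreachable.
Reply from 203.0.113.10: bytes=32 time<1ms TTL=56
Reply from 203.0.113.10: bytes=32 time=25ms TTL=56
Request timed out.
"""

# Constructed sample of what ping prints when the name cannot be resolved.
SAMPLE_DNS_FAILURE = (
    "Ping request could not find host vpn.example.com. "
    "Please check the name and try again.\n"
)

REPLY_RE = re.compile(r"^Reply from \S+: bytes=\d+ time[=<](\d+)ms TTL=\d+")


def classify_line(line):
    """Return (kind, rtt_ms); kind is None for headers and blank lines."""
    line = line.strip()
    match = REPLY_RE.match(line)
    if match:
        return "reply", int(match.group(1))
    if line.startswith("Request timed out"):
        return "timeout", None
    if "Destination host unreachable" in line or "Destination net unreachable" in line:
        return "unreachable", None
    if line.startswith("Ping request could not find host"):
        return "dns_failure", None
    return None, None


def summarize(text):
    """Count probes, losses, the longest consecutive outage and the worst RTT."""
    counts = Counter()
    rtts = []
    streak = longest = 0
    for line in text.splitlines():
        kind, rtt = classify_line(line)
        if kind is None:
            continue
        counts[kind] += 1
        if kind == "dns_failure":
            continue  # no probe was sent, so this is not a lost packet
        if kind == "reply":
            rtts.append(rtt)
            streak = 0
        else:
            streak += 1
            longest = max(longest, streak)
    probes = counts["reply"] + counts["timeout"] + counts["unreachable"]
    lost = probes - counts["reply"]
    return {
        "probes": probes,
        "lost": lost,
        "loss_pct": round(100.0 * lost / probes, 1) if probes else None,
        "longest_outage": longest,
        "max_rtt_ms": max(rtts) if rtts else None,
        "unreachable": counts["unreachable"],
        "dns_failure": counts["dns_failure"] > 0,
    }


def diagnose(text):
    """Map the summary onto the cases the guide distinguishes."""
    s = summarize(text)
    if s["probes"] == 0:
        # Name never resolved: retry by IP address and check DNS settings.
        return "dns_failure" if s["dns_failure"] else "no_data"
    if s["lost"] == 0:
        return "no_loss"
    if s["lost"] == s["probes"]:
        return "host_unreachable"    # offline, or a problem with the connection
    return "intermittent_loss"       # per the guide: usually ISP or modem


if __name__ == "__main__":
    print(summarize(SAMPLE_PING_OUTPUT))
    print(diagnose(SAMPLE_PING_OUTPUT), diagnose(SAMPLE_DNS_FAILURE))
```

Redirect the ping output to a file before pressing CTRL C and pass the file contents to diagnose(); the longest_outage figure helps tell scattered single drops from a link that goes down for several seconds at a time.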

(2) VPN Troubleshooting Error Messages

Q1 Error Message: Remote Host not responding: or Unable to Resolve the IP address of the Remote Server

Cause: This indicates that the Contivity VPN Switch never responded to the connection attempt. The problem could either be with the Contivity switch itself, (switch may be down) or your machine may be having a problem resolving the IP address.

Action: Try pinging your destination name (Example: VPN.something.com). If you receive a message that says “Request Timed Out” from the ping command, call your ISP to make sure that their DNS is functioning correctly.

Q2 Error Message: Maximum number of sessions reached

Cause: This indicates that the maximum number of users for the account you are using is currently logged on.

Action: If you are the only user with VPN to your account, it is possible to get this error if you restarted a connection immediately after losing the dial-up connection to your ISP. This is because the Contivity VPN Switch takes up to one hour to determine that your connection has been dropped and log you off from your account.

Q3 Error Message: Login failed, Please consult the switch log for further information

Cause: The User Name or the Password is incorrect for the user name entered.

Action: Verify that the User Name you entered is correct and retype the Password before trying the connection again.

Q4 Error Message: The physical connection has been lost

Cause: Your connection to your ISP was disconnected.

Action: Re-establish your connection to your ISP before you re-establish the Contivity connection to the remote network.

Q5 Error Message: The secure Contivity connection has been lost

This message can occur for a number of different reasons, and there are several recommended actions you can take to try to reconnect.

Cause(s):

If you receive this error before the client connects then something is blocking a necessary port (such as ESP port 50). This can result if your firewall is not configured properly and is restricting the necessary port(s).

If you suddenly receive this error during a connection, it may mean one of the following:

1. Something closed the connection;

2. The VPN Contivity switch that you were trying to connect to thought your client was down or timed out;

3. Your local ISP did something that interrupted your network connection long enough for the VPN Contivity switch to identify your client was not responding;

4. The VPN Contivity switch that you are connected to has either logged your connection off or the Switch is no longer responding, or a device that does not support IPSEC NAT Traversal is causing the connection failure.

Action(s):

1. Try re-establishing the Contivity connection by clicking the Connect button. If this works, the connection was probably lost due to the Idle Timeout configured on the Contivity VPN Switch. If no data is transferred through the Contivity connection for a long period of time, 15 minutes or more, the Contivity VPN Switch automatically disconnects the connection;

2. If you were unable to successfully re-establish the Contivity Connection, the dial-up connection may be preventing data from traveling between the Contivity VPN Client and the Contivity VPN Switch. Hang up the dial-up connection and reconnect before you try to re-establish a connection to the Contivity VPN Switch;

3. If you are still unable to connect to the Contivity VPN Switch, open a Command Prompt and try pinging the Contivity VPN Switch using the host name or address that you specified in the Destination field.

(a) If you receive a “Destination Unreachable error” there is a routing problem at the ISP.

(b) If you receive a “Request Timed Out” error message, the Contivity VPN Switch is probably not available, and you should contact your Network Administrator.

4. If you keep getting this message and are unable to connect, then it may indicate that the Contivity VPN Switch is unable to communicate with the client because it is behind some kind of NAT (Network Address Translation) device. NAT (Network Address Translation) Traversal allows a number of devices on a private network to access the Internet simultaneously without each requiring its own external IP address. Most hotels and airports that provide Internet connectivity use NAT to connect to the Internet.

Q6 Error Message: Cannot Alter Routing Table

Cause: The message means that you (the user), an application on your machine, or your ISP attempted to change the routing table via an ICMP redirect attempt and it was not successful. The client detects the attempt to make the change, determines it’s a security breach and shuts down the client’s connection. Any time you make a VPN connection, you cannot change the routing table, because the VPN Client views this as a security risk and you will get disconnected.

Some applications, such as a game or other third-party software, require an ICMP redirection in order to work.

Action: If you receive this error and can’t connect due to an ICMP redirect attempt, shut down any other applications you are using which may be causing the ICMP redirect attempt. If it is the ISP that is doing it, you will need to block the ICMP redirect request. You can identify that an ICMP redirect has occurred by seeing a message saying there has been an IP address routing table change.

Q7 Error Message: Receiving Banner Text Information

Cause: The message means you are experiencing a Banner Sock issue. You will see a window displaying the “Receiving Banner Text” message and then get disconnected.

Actions:

1. Disable the firewall completely to test. This is a port 500 issue and often means that the you have a personal Firewall that is blocking port 500 or you have a router that does not support IPSEC pass-through, and the you are connecting to a VPN switch that does not have NAT Traversal enabled.

2. If using wireless, temporarily remove Wireless from the picture and focus on the Ethernet card. Check the Ethernet card speed and duplex parameters and then make sure that the hub, switch, or router that is on the other end has the same parameters. If not, the VPN connection will drop as the link goes up and down, or due to a large number of errors on the port from a duplex and or speed mismatch.

3. A firewall blocks the connection in such a way that the system crashes. (This rarely happens.) NSDF (Norton Symantec Desktop Firewall) and NSPF (Norton Symantec Personal Firewall) can do this, though, if you do not trust the IP address of the VPN connection.

If you do not trust the VPN address of the VPN client, the firewall will cause you to crash. In your Internet browser click on “Tools > Internet Options > Security > Trusted Sites > Sites” and add the destination VPN address(es) to your trusted sites.

Q8 Error Message: You already have the maximum number of adapters installed

Cause: You may have installed too many virtual adapters in your IP stack.

Actions:

1. Remove any unnecessary adapters;

2. Create multiple boot scenarios disabling the adapters that are not required for that function;

3. You may also get Banner Sock errors on Win 95 & 98 units with this condition;

4. For more information, see this Microsoft article: KB217744: Unable to Bind Protocols to More Than 5 Network Adapters (copy and paste into the search tool bar > enter).

Q9 Upgrade Errors: The following are some errors that may occur when trying to upgrade / install the Nortel VPN Client 4.65

Error (1): Failed to get Registry key value for NT_IPSECSHM

Cause: An important registry key cannot be found in the system registry.

Actions:

1. Uninstall and Reinstall the VPN Software

Error (2): Login Failure due to: Driver Failure

Cause: This is generally caused by either not having Admin rights to the PC or by trying to install/use a Nortel VPN client that predates the operating system.

Actions:

1. Ensure that you have admin rights to the PC.

2. Update/Install the most current version of the Nortel VPN client.

Error (3): Create socket failed with 10048.

Cause: This problem generally will occur whenever you have another VPN client software installed on the system. The most noted conflicting clients are: AOL, Cisco VPN Client(s), SSH Sentinel and PGP.

Actions:

1. Removing these clients will, in most cases, resolve the issue.

(3) VPN Modems Troubleshooting Guide

Q1 Are Cable Modems supported for VPN Access?

Yes, you can use cable modems for VPN access. However you must be aware of the following conditions and be able to work within them:

*Some cable modems require that you log into an NT network to get authenticated.

*Some cable modems use a client similar to the Extranet Client for VPN and both will not run at the same time.

*Some cable modem Contracts/Acceptable Use Policies specify that you cannot use them for business purposes or they want to charge you another fee to use them for business purposes. Make sure you read your contract thoroughly.

*Your cable modem provider is your ISP. Please see the ISP Troubleshooting Guide for more information.

Q2 Why does my modem seem to perform erratically?

Always make sure that you do not let the operating system select a generic modem. If required, go to the appropriate web site for the vendor of the modem and get the updated INF file so that the proper parameters are configured for the modem.

Q3 Why do I always seem to get a slower connection speed than others with the same modem?

1. Always check the modem configuration to verify that its maximum speed has been selected.

2. It is common when auto-installing modems that the highest speed is not selected automatically.

3. Do not check the box that says run at maximum speed only.

Q4 I plugged my modem into the phone line at the hotel or customer’s office and now it does not work.

Always make sure that the phone line you are plugging into when visiting somewhere is an analog line not a digital one. Plugging into a digital line can permanently damage your modem, requiring a replacement unit. To avoid these situations please contact the local site phone support personnel.

Q5 Why can’t I get a 56Kb V.90 connection from some locations that I go to?

Here are some of the reasons why you might not get a 56K connection:

1. You are located more than 3 ½ miles from your telephone company’s central office (CO).

2. A SLICK or Subscriber Loop System is used in your area.

3. You are calling from a digital PBX system, which creates a Digital to Analog conversion and then an Analog to Digital conversion.

4. Your line contains digital pads or Robbed Bit Signaling (RBS), which can degrade your connection speeds.

5. Your wiring may be of poor quality.

6. Your modem’s firmware may not be up-to-date. Check that your modem has the newest V.90 code installed with all the patches from the vendor’s web site.

Q6 Why can’t I get higher speed on my 56K v.90 modem into some NAG?

Here are some possible reasons:

1. A 56k v.90 modem is asymmetric by design where download speed can be as much as 56k but upload speed will be up to 33.6bps. For 56k to work, there must be only one analog-to-digital (A/D) conversion in your local phone loop. Thus when modems at both ends are analogue, 56k speeds will never be achieved as most PSTN exchanges run digital routing between the exchanges.

2. Some NAG sites use analog phone lines with Cisco and standard 56k modems, and most PC’s dial-ups use a similar modem. Between the two modems, it limits the download speed to about 33.6kbps maximum.

3. Also, many users might experience lower connection speeds due to other reasons, such as poor line quality. These factors also contribute to the quality and speed of the line.

(4) VPN ISP Troubleshooting Guide

Q1 If you are getting the message “Unable to Resolve the IP address of the Remote Server. Verify the Host Name in the destination field is correct.” when trying to connect with the Extranet Client.

Try pinging your destination name (Example: VPN.something.com) and if it fails call your ISP to make sure that their DNS is functioning correctly.

Q2 Why do I get No Domain Available when dialing my ISP?

On your Internet Service Provider’s (ISP) dial connection, right click the mouse and select the properties button. Click on the Server Type tab and make sure that the Log On To Network box is unchecked.

Q3 Why do I seem to be running slowly through my VPN connection?

Try turning off the Software Compression option on your Internet Service Provider’s (ISP) dial connection, as the VPN client has its own compression. Right click the mouse and select the properties button. Click on the Server Type tab and uncheck the

Q4 I keep getting busy signals when trying to connect to my ISP, what should I do?

Contact your ISP, giving the numbers you are trying to connect to. Many times you will find that they can give you an alternate number, not published yet, that will work just fine. If not, you may need to find another ISP that provides better service.

Q5 When configuring the dial icon for my ISP what should I put in the DNS/WINS settings?

Your ISP should supply you with the DNS/WINS settings of your dial connection. Most only give you DNS, in this case just leave the WINS settings blank.

Q6 Why when I load the Extranet Client on my PC and Winpoet is installed on my machine it crashes or does not work properly?

There are issues running Winpoet software on the PC with the Nortel Extranet (VPN) Client.

To repair your system, boot in safe mode and uninstall the Winpoet Software.

A simple solution is to install the Linksys BEFSR41 hardware router. It has a firmware PPPOE connector, which eliminates Winpoet from the PC and provides the added benefit of a NAT firewall with the ability to hook up to three other PCs.

A second option is to find a PPPOE Client that does not interfere with VPN Clients.


Connect To The Desktop Of Your Home Computer Via The Internet

We live in the age of global communication and connectivity. Could you imagine 10 years ago if you had told someone you’d be sitting in a coffee shop, connected to a world wide network, with no wires connected to your laptop, reading the latest news or even playing a game with your friends?

They would have suggested that you are mad! Fortunately, that is not the case and we do live in a world where global communications are standard and almost everyone has their own permanent connection to the internet via broadband.

What if, via this worldwide communications network, you could not only read the latest news or do your grocery shopping online; you could actually remotely control your PC at home! Think about this for a minute, what would this allow you to do? Would it allow you to remotely use any applications you may have installed at home, such as accountancy applications, spreadsheets or documents? Allow you to check any downloads you may have progressing at home? Check on emails that only come in to your email client? The possibilities really are endless. There is a solution at hand, and in this article I will focus on using the inbuilt features of Microsoft Windows XP Professional, namely, Remote Desktop.

If you have never used remote desktop before, don’t be worried. It’s a simple feature that does what it says: it presents you with your desktop via a client. If you look in Start -> Programs -> Accessories -> Communications, you will see a Remote Desktop Client application.

Using this application, you can enter a computer name or IP address to connect to. You can even map your home computer’s hard drives as well, so that they appear in Windows Explorer, and even print to the printer beside you, from your home computer, over the internet!

Try it at home if you have two computers. You need to make sure that Remote Desktop is enabled first, and this can be done by selecting System from Control Panel, selecting the remote tab, and ensuring that “Allow users to connect remotely to this computer” is enabled. If you plan to do this at home, take note of the “Full computer name”, as this is what you will need to enter into the remote desktop client to connect to this computer.

I know you are worried about security at this point, but don’t worry – we’ll address that later.

Now, if you do have two computers at home, try it and see what happens! You should be presented with the familiar login box, and once logged in – ta-da! You are now on the desktop of the other computer, using the remote desktop application on your local computer!

Now – what if this functionality could be extended; so that you can connect to your home PC from anywhere in the world provided you are connected to the internet? Fortunately, this can be done! There are seven steps that we need to do in order to achieve this.

1. Ensure that your computer will accept remote desktop requests

2. Make sure your password is strong!

3. Note down your IP addresses

4. Change the port number that remote desktop responds on (this will aid with security)

5. Ensure any local firewalls are not blocking the Remote Desktop Port.

6. Create the necessary port forwarding rules on your home router

7. Sign up to a Dynamic DNS service (ignore if you have a static IP address from your ISP)

Let me explain these steps and how to perform each one.

1. Ensure your computer will accept remote desktop requests. As above, you need to select the System icon from Control Panel, and, from the remote tab, ensure that “Allow users to connect remotely to this computer” is enabled.

2. Make sure your password is strong! If your password is not very secure, make sure you change it so that it has at least 8 characters, at least one uppercase character and at least one symbol. One way to do this is to use symbols/numbers as a substitute for letters. For example, say I wanted my password to be the name of my son, Benjamin. Instead of using Benjamin as my password, I could use 83nj@m1n! , which as you can see, is a lot more secure than Benjamin.

3. Note down your IP addresses. We need to make a note of your internal and external IP addresses. To do this, go to Start -> Run and type cmd . Then click OK. Type ipconfig and look for the IP address entry. In this example, we will use 192.168.0.1. This is your internal IP address. Now browse to http://www.whatismyip.com and take a note of your IP address. In this example, we will use 1.2.3.4. This is your external IP address.

Things will get a bit techy from this point on. The tasks we need to perform are pretty straight forward, however, if you have any questions, please ask a technical friend first or consult online help from the internet as an error in the below steps could cause your computer to malfunction or cause you internet connectivity problems.

4. Change the port number that remote desktop responds on. This will require you editing the registry. Go to Start -> Run and type regedit . Then click OK and you will be presented with the Windows Registry. I won’t get into detail about the registry now, there are books as thick as encyclopaedias written on the windows registry, suffice to say, if you don’t know what you are doing, don’t mess around with it!

Now, browse through the tree to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. Once there, look for an entry in the right hand pane called “PortNumber”. Double click this entry and select decimal. This will be 3389 by default. Change this to a number of your choosing, above 1024 and below 65534. In this case, let’s use 23456. I highly recommend making this number as obscure as possible to avoid people discovering an open port via portscan! Click OK, and close down Registry Editor.

One caveat to this, what port you decide to use, may affect the usability of this feature. Some companies will block ports that are not in common use, so 23456 will be blocked. Other companies allow all ports, as do most home users. If you choose a common port, such as port 80 or 443, it may allow you more access from secure networks, however will allow hackers to more easily see your PC on the internet.

Even using a higher port number will still render you vulnerable to certain attacks, however, the risk is severely minimised when using a higher port number. I and a number of colleagues have used this technology for a number of years without incident; however remember when allowing any connectivity over the internet, there is always a risk! This choice in functionality is up to you.

5. Ensure any local firewalls are not blocking the Remote Desktop Port. This step will most likely require you to check the instructions for your particular desktop firewall product. What you will need to do here is ensure that anyone is allowed to connect to the port number used above. This is usually in the form of a firewall rule and looks similar to the below:

Allow Anyone using protocol TCP 23456 in both directions to connect to My computer. Once again, this will require consulting your desktop firewall instructions.

Now, before we go any further we need to make sure this change has taken effect. Reboot your computer, and, if you have another computer on your LAN, try to remote desktop to your computer with the “:portnumber” at the end, for example Mycomputer:23456, or your IP address, 192.168.0.1:23456. Make sure this works before continuing or else the next steps will not work.

6. Create the necessary port forwarding rules on your home router. This step will depend on your particular home router. You will need to connect to this and define a port forwarding rule similar to the following:

Allow anyone -> Using Port TCP 23456 (substitute for your port number above) to connect to 192.168.0.1 (substitute for your internal IP address). You may need to consult the manual for your router regarding port forwarding for this. You may need to define a particular protocol or server for TCP 23456 (substitute for your particular port number above). This is the hardest step of all so it may take you a while to achieve.

7. Sign up to a Dynamic DNS service (ignore if you have a static IP address from your ISP). If you know your external IP address will never change, ignore this step. If however, you have a dynamic IP from your ISP, you will need to perform this step.

This step is to ensure that if your external IP address changes, it will be registered on the internet so you can still connect to your PC. The best service I have found to use is http://www.dyndns.com.

Sign up here and enter a hostname that you would like to use, ie, myname.dyndns.com. Follow the instructions here to ensure that your external IP address is always updated on the internet.

8. Finally, you are ready to go. If you have completed all the steps above successfully, you’ll want to test this out. The best choice will be to go to a friend’s house with home broadband, and test connecting in. Once connected to the internet, load up your remote desktop client, and enter either your external IP address or DNS name, eg 1.2.3.4:23456 or myname.dyndns.com:23456.

Chances are this may not work the first time, so, I have included below tests that you can perform at each stage to determine where the problem may be.

1. Ensure that your computer will accept remote desktop requests. The best way to check this is to go to Start -> Run and type cmd . Then type “telnet 127.0.0.1 portnumber” ie, “telnet 127.0.0.1 23456”. This should return a blank cmd window if successful, and an error if unsuccessful. If this is successful, move on to the next step. If this is unsuccessful, make sure Remote Desktop Connections to your PC are enabled and the port number is correct. You can do this by typing “telnet 127.0.0.1 3389” in the same cmd window as before, and if this is successful, your remote desktop port number has not yet changed. You may need to reboot your PC or check the above registry entry.

2. Make sure your password is strong! This test I will leave to you to ensure your password is correct.

3. Note down your IP addresses. Make sure that all your IP addresses are correct!

4. Change the port number that remote desktop responds on. You can check this has been set successfully by going to Start -> Run and typing cmd . Then type “telnet 127.0.0.1 portnumber” ie, “telnet 127.0.0.1 23456”. This should return a blank cmd window if successful, and an error if unsuccessful. If this is successful, move on to the next step. If this is unsuccessful, make sure Remote Desktop Connections to your PC are enabled and the port number is correct. You can do this by typing “telnet 127.0.0.1 3389” in the same cmd window as before, and if this is successful, your remote desktop port number has not yet changed. You may need to reboot your PC or check the above registry entry.

5. Ensure any local firewalls are not blocking the Remote Desktop Port. The best way to test this functionality, if you can, is to use a PC on your LAN. From a PC on the same network as yours, type “telnet internalip portnumber”, ie “telnet 192.168.0.1 23456”. If you receive a blank cmd window, then this is working OK. If you receive an error, and all the above tests are successful, then this indicates that something on your PC is blocking this connection. You will need to look at any local firewalls that may be preventing this access (including the inbuilt Microsoft Firewall).

If this step works, also ensure that your local firewall is not just allowing computers on your local network and nothing else to connect. I stress again, make sure you read the instructions that came with your desktop firewall.

6. Create the necessary port forwarding rules on your home router. This is the most problematic part of the process. To check this, you will need to be on another broadband connection. Once connected, navigate to Start -> Run and type cmd . Then type “telnet externalip portnumber” ie, “telnet 1.2.3.4 23456”. Once again, this should return a blank cmd window if successful and an error if unsuccessful. If all the tests above have been successful, and this command is unsuccessful, then this problem indicates there is an issue on the router port forwarding the Remote Desktop request. Ensure that you have read the manual and port forwarded this successfully.

7. Sign up to a Dynamic DNS service. You can test this simply by performing the same command as above. If “telnet externalip portnumber” works, and “telnet myname.dyndns.com portnumber” does not, then there is a problem with this service. From a cmd window, type ping myname.dyndns.com and see if it returns a reply. If not, then you will need to check the online help with regards to this service.
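The staged tests above can be scripted. The following is an added example, not part of the original article: it performs the same TCP connection check as the telnet commands and maps the outcome to the step most likely at fault. The function names and result strings are made up for this illustration, and each function must be run from the vantage point its test describes (the PC itself, another PC on the LAN, or a different broadband connection).

```python
"""Staged Remote Desktop reachability checks (added example, not the article's code)."""
import socket

DEFAULT_RDP_PORT = 3389  # Remote Desktop's default port, as stated in the article


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection succeeds (telnet's 'blank cmd window' case)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolvable
        return False


def check_on_pc(new_port, probe=tcp_open):
    """Tests 1 and 4: run on the home PC itself."""
    if probe("127.0.0.1", new_port):
        return "ok: Remote Desktop is listening on the new port"
    if probe("127.0.0.1", DEFAULT_RDP_PORT):
        return "step 4: still listening on 3389; reboot or recheck PortNumber"
    return "step 1: nothing listening; enable Remote Desktop connections"


def check_from_lan(internal_ip, new_port, probe=tcp_open):
    """Test 5: run from another PC on the same LAN."""
    if probe(internal_ip, new_port):
        return "ok: local firewall allows the port from the LAN"
    return "step 5: a firewall on the PC is blocking the port"


def check_from_outside(external_ip, new_port, ddns_name=None,
                       probe=tcp_open, resolve=socket.gethostbyname):
    """Tests 6 and 7: run from a different broadband connection."""
    if not probe(external_ip, new_port):
        return "step 6: router port forwarding is not passing the port"
    if ddns_name is None:
        return "ok: reachable by external IP (static address, no DDNS)"
    try:
        resolved = resolve(ddns_name)
    except OSError:
        return "step 7: the dynamic DNS name does not resolve"
    if resolved != external_ip:
        # The DDNS record was not updated after the external address changed.
        return "step 7: DDNS name points at %s, not %s" % (resolved, external_ip)
    if not probe(ddns_name, new_port):
        return "step 7: name resolves but the connection by name fails"
    return "ok: reachable by external IP and by DDNS name"


if __name__ == "__main__":
    import sys
    # Usage: pc 23456 | lan 192.168.0.1 23456 | outside 1.2.3.4 23456 [ddns-name]
    mode, args = sys.argv[1], sys.argv[2:]
    if mode == "pc":
        print(check_on_pc(int(args[0])))
    elif mode == "lan":
        print(check_from_lan(args[0], int(args[1])))
    else:
        print(check_from_outside(args[0], int(args[1]), *args[2:3]))
```

A "step 7: DDNS name points at ..." result is the one case the telnet tests cannot distinguish: the name resolves and answers pings, but to an address that is no longer yours.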

That should be it; you should now be able to connect to your home PC from almost any internet connection. Remember you can use advanced features of the remote desktop client such as connecting your local drives, printers etc.

I suggest you have a quick look at the help that comes with Remote Desktop Client to explore everything that it can provide you with.

As I mentioned at the beginning of this article, the possibilities for this use are endless depending on your own individual needs, and I imagine that as technologies such as 3G and GPRS are improved, this ability will extend to your PDA device as well so that you can access your home PC on the move, that’s if you are not carrying around a small PC and mini holographic projector in your top pocket by then!


Basic Configuration Tutorial For the Cisco ASA 5510 Firewall

Continuing our series of articles about Cisco ASA 5500 firewalls, I’m offering you here a basic configuration tutorial for the Cisco ASA 5510 security appliance. This device is the second model in the ASA series (ASA 5505, 5510, 5520 etc) and is fairly popular since it is intended for small to medium enterprises. Like the smallest ASA 5505 model, the 5510 comes with two license options: the Base license and the Security Plus license. The second one (Security Plus) provides some performance and hardware enhancements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.

Next we will see a simple Internet Access scenario which will help us understand the basic steps needed to setup an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be connected to the Inside LAN switch.

The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface. Let’s see a snippet of the required configuration steps for this basic scenario:

Step 1: Configure a privileged level password (enable password)

By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:

ASA5510(config)# enable password mysecretpassword

Step 2: Configure the public outside interface

ASA5510(config)# interface Ethernet0/0

ASA5510(config-if)# nameif outside

ASA5510(config-if)# security-level 0

ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252

ASA5510(config-if)# no shut

Step 3: Configure the trusted internal interface

ASA5510(config)# interface Ethernet0/1

ASA5510(config-if)# nameif inside

ASA5510(config-if)# security-level 100

ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0

ASA5510(config-if)# no shut

Step 4: Configure PAT on the outside interface

ASA5510(config)# global (outside) 1 interface

ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)

ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1

Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP

ASA5510(config)# dhcpd dns 200.200.200.10

ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside

ASA5510(config)# dhcpd enable inside

The above basic configuration is just the beginning for making the appliance operational. There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.
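Before pasting a configuration like this onto the appliance, it is worth checking that its addresses agree with each other. The following is an added example, not part of the original tutorial or any Cisco tool: it parses the six steps above (with the CLI prompts stripped) and checks that an enable password is set, that the default gateway and the DHCP pool are usable hosts on the interface they name, and that the PAT pair shares a NAT id with the inside interface more trusted than the outside one. The function names and finding texts are assumptions made for this illustration.

```python
"""Consistency checks for the basic ASA 5510 scenario (added example)."""
import ipaddress
import re

# The article's commands with the CLI prompts stripped.
ARTICLE_CONFIG = """\
enable password mysecretpassword
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 100.100.100.1 255.255.255.252
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
dhcpd dns 200.200.200.10
dhcpd address 192.168.10.10-192.168.10.200 inside
dhcpd enable inside
"""


def parse(config):
    """Return ({nameif: {"level", "ip"}}, [global-mode command lines])."""
    ifaces, commands, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = {"level": None, "ip": None}
        elif current is not None and raw.startswith(" ") and line:
            words = line.split()
            if words[0] == "nameif":
                ifaces[words[1]] = current
            elif words[0] == "security-level":
                current["level"] = int(words[1])
            elif words[:2] == ["ip", "address"]:
                current["ip"] = ipaddress.ip_interface(words[2] + "/" + words[3])
        elif line:
            current = None
            commands.append(line)
    return ifaces, commands


def check_range(ifaces, name, first, last, what):
    """Findings for an address range that should be usable hosts on `name`."""
    iface = ifaces.get(name)
    if iface is None or iface["ip"] is None:
        return ["%s refers to interface %r, which has no address" % (what, name)]
    first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
    net, own = iface["ip"].network, iface["ip"].ip
    found = []
    if first > last:
        found.append("%s start is above its end" % what)
    for addr in sorted({first, last}):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            found.append("%s %s is not a usable host in %s" % (what, addr, net))
    if first <= own <= last:
        found.append("%s includes the %s interface address %s" % (what, name, own))
    return found


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    ifaces, commands = parse(config)
    found, pools, nats = [], {}, {}
    if not any(c.startswith("enable password ") for c in commands):
        found.append("no enable password set")
    for c in commands:
        m = re.match(r"(global|nat) \((\S+)\) (\d+) ", c)
        if m:  # remember which interface each NAT id is bound to
            (pools if m.group(1) == "global" else nats)[m.group(3)] = m.group(2)
        m = re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", c)
        if m:
            found += check_range(ifaces, m.group(1), m.group(2), m.group(2), "default gateway")
        m = re.match(r"dhcpd address (\S+)-(\S+) (\S+)", c)
        if m:
            found += check_range(ifaces, m.group(3), m.group(1), m.group(2), "DHCP pool")
    for nat_id, src in nats.items():
        dst = pools.get(nat_id)
        if dst is None:
            found.append("nat (%s) %s has no global with the same id" % (src, nat_id))
            continue
        src_level = ifaces.get(src, {}).get("level")
        dst_level = ifaces.get(dst, {}).get("level")
        if src_level is None or dst_level is None or src_level <= dst_level:
            found.append("outbound PAT %s: %s should be more trusted than %s" % (nat_id, src, dst))
    return found


if __name__ == "__main__":
    for finding in audit(ARTICLE_CONFIG) or ["no findings"]:
        print(finding)
```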

Visit my website in my resource box below for more information about Cisco products and solutions. You can also learn how to configure any Cisco ASA 5500 Firewall Here (applicable for ALL ASA models running software versions 7.x and 8.x).


Setting Up a Wireless Satellite Internet Network

There are several advantages of going wireless with your internet service. You can network your home or office computers easier, you aren’t tethered to the wall and you can access the internet on multiple computers at the same time. If you are interested in going wireless and you are also interested in satellite internet service, then you may want to set up a wireless satellite internet network.

The first step is to subscribe to a satellite internet service. These services are broadband so they are generally going to work with wireless networking equipment that has traditionally been used to create wireless networks for land based broadband internet services. The three top choices for satellite internet service are StarBand, HughesNet and WildBlue.

While you are waiting for your satellite internet service to be installed, you will want to buy all of the wireless networking equipment that you will need. First of all if you don’t have a computer that has an internal wireless networking card already built in then you will want to either buy one that does, or you will want to buy a wireless network adapter. Next you will need a wireless router.

After your satellite internet system has been set up you will be ready to connect your wireless network. To start with, connect your satellite internet modem to the router. The router will then send signals to your computer via infrared signals. Configure your router following the instructions that came with your router.

If you are using a wireless network adapter you will want to plug this into a USB port in your computer. Otherwise your computer should receive the signal using its internal wireless card. Turn your computer on and follow the instructions that came with your satellite internet system to set up your account if your technician didn’t already do this for you. That’s all there is to it.


CCNA – CCNP Certification – Hands-On Lab Configuring Two Cisco Routers

Objective: In this lab you will configure a simple network to allow two routers to route packets between two remote networks. The text that is in bold is the text you need to type during the lab.

Requirements:

Two Cisco routers with one Ethernet port and one serial port.
Cisco IOS 10.0 or higher
One PC for consoling into routers with terminal emulation software
One serial cable
One Cisco rollover cable

Setup:

Step 1: Physical Connections

Connect the following interfaces:

Console: Connect your PC/terminal to the console port using a rollover cable and HyperTerminal (9600-8-N-1-no flow)
Ethernet: Connect Ethernet ports to a hub or a switch using a straight-through cable. Use a cross-over cable if going directly from the PC’s NIC to the Ethernet (AUI) port on the router using a transceiver.
Serial: If going directly between two routers, don’t forget to connect one port via the DTE cable and the other via the DCE cable.

Step 2: Boot up the routers

Just say “no” to use the setup mode (setup dialogue). The setup mode will only allow you to configure the router with the basic features and not with any advanced features. If asked if you would like to terminate the auto configuration, say “yes”. Let the routers finish booting.

Step 3: Host Name and Passwords

Begin your configuration with the host name and passwords. This is to remind you of what router you are configuring and now’s the time to start thinking about router security.

RouterA

router>en

router#config t

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#hostname RouterA (sets the router’s name)

RouterA(config)#enable secret cisco (Sets the secret password for the router)

RouterA(config)#line vty 0 4 (there are five concurrent connections for the telnet ports coming into a Cisco 2500 router. We are setting the login password on all five of them)

RouterA(config-line)#login (This enables the router to require a login password for a telnet session to the router)

RouterA(config-line)#password cisco (this sets the login password for all 5 telnet sessions coming into the router as cisco)

RouterA(config-line)#exit

RouterA(config)#^Z (This is the key combination of control+z which takes you back to the privileged executive mode)

RouterA#

RouterB

router>en

router#config t

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#hostname RouterB (sets the router’s name)

RouterB(config)#enable secret cisco (Sets the secret password for the router)

RouterB(config)#line vty 0 4 (there are five concurrent connections for the telnet ports coming into a Cisco 2500 router. We are setting the login password on all five of them)

RouterB(config-line)#login (This enables the router to require a login password for a telnet session to the router)

RouterB(config-line)#password cisco (this sets the login password for all 5 telnet sessions coming into the router as cisco)

RouterB(config-line)#exit

RouterB(config)#^Z (This is the key combination of control+z which takes you back to the privileged executive mode)

FYI: Anytime you make a configuration change to a router and you come back to the privileged exec mode you need to save your changes to NVRAM. This ensures that if the router reboots, you won’t lose your changes, which are in the running-config held in volatile RAM. The following command(s) save your changes to the startup-config.

RouterA#copy running-config startup-config

or

RouterA# copy run start

or

RouterA#wr me (short for write memory)

Step 4: Adding IP Addresses

Adding IP addresses is a basic function of configuring routers. Below is an example of configuring both an Ethernet and a serial interface. For a serial interface with the DCE cable you will also need to add the clocking with the clockrate command. Get the IP addresses from the network diagram.

RouterA

RouterA#config t

Enter configuration commands, one per line. End with CNTL/Z.

RouterA(config)#int e0

RouterA(config-if)#ip address 172.16.12.1 255.255.255.0

RouterA(config-if)# description LAN Network for RouterA

RouterA(config-if)# no shutdown

RouterA(config-if)#int s0

RouterA(config-if)#ip address 172.16.10.1 255.255.255.0 (RouterA will have the serial 0 with the DCE end of the serial cable. The other partner will have serial1 with the DTE end of the serial cable. Check the network diagram to confirm to see who has what interface)

RouterA(config-if)#clockrate 250000 (DCE interface only which is the s0 on RouterA)

RouterA(config-if)#no shutdown

RouterA(config-if)#description Network connection to RouterB

RouterB

RouterB#config t

Enter configuration commands, one per line. End with CNTL/Z.

RouterB(config)#int e0

RouterB(config-if)#ip address 172.16.11.1 255.255.255.0

RouterB(config-if)# description LAN Network for RouterB

RouterB(config-if)# no shutdown

RouterB(config-if)#int s1

RouterB(config-if)#ip address 172.16.10.2 255.255.255.0

RouterB(config-if)#no shutdown

RouterB(config-if)#description Network connection to RouterA

Once both routers are configured properly, you should be able to use the ping command and ping the interface e0 on each of the routers from the neighboring router. If you do a show ip route on both routers and do not see the directly connected interfaces in the routing table, they are either not configured or they never came up. Confirm that the IP addressing took and the interfaces came up by using the show ip int and looking at the interfaces’ status and IP address configuration.

RouterA# show ip route

RouterA# show ip int

Do this on both routers.

Step 5a: Adding Dynamic Routing: RIP

For this router to participate in dynamic routing using a dynamic routing protocol like RIP or IGRP, you’ll need to enable a routing protocol and advertise the directly connected networks that you want advertised. We only advertise the classful network address, not the subnet mask of the network.

RouterA

RouterA>en

RouterA#config t

Enter configuration commands, one per line. End with CNTL/Z.

RouterA(config)#router RIP

RouterA(config-router)#network 172.16.12.0

RouterB

RouterB>en

RouterB#config t

Enter configuration commands, one per line. End with CNTL/Z.

RouterB(config)#router RIP

RouterB(config-router)#network 172.16.11.0

FYI: We need to advertise the network, not any particular host. An example of that would be enabling RIP on RouterB. We want the other router (RouterA) to know that any packet destined for the network 172.16.11.0 can be sent to RouterB, which has a directly connected entry in its routing table showing what interface to send the packet to; in this case it’s e0. If you route to 172.16.11.1, all you’re ever going to route to is the e0 on RouterB and nothing else.

Test your configuration to ensure that it is configured properly by pinging from router to router. Check your routing table for entries that are preceded by a capital letter “R” to ensure that you are receiving routing updates using RIP. Ensure that your partner has finished configuring his router so that you can receive his updates. No updates, no ping. Do a show ip protocol to see what routing protocol is configured on the routers.

Step 5b: Adding Dynamic Routing: IGRP

IGRP uses an autonomous system (AS) number or process id. This number must be the same on all routers wanting to share IGRP routing updates or they don’t share. Turn RIP off before you turn on IGRP. For this lab we’ll be using an AS number of 100.

RouterA

RouterA>en

RouterA#config t

RouterA(config)#no router rip

RouterA(config)#router igrp 100

RouterA(config-router)#network 172.16.12.0 (again, just the network portion of the IP for your Ethernet network, NO subnet mask)

RouterB

RouterB>en

RouterB#config t

Enter configuration commands, one per line. End with CNTL/Z.

RouterB(config)#no router rip

RouterB(config)#router igrp 100

RouterB(config-router)#network 172.16.11.0 (again, your Ethernet network IP NO Subnet Address)

Step 6: Adding Default Routes

Good candidates for default routes are routers known as boundary routers. A boundary router is normally part of a stub network. Inside the stub network, the routers may be participating in dynamic routing using a protocol like RIP, but only a static default route is needed to connect the stub network to the Internet.

RouterA

RouterA>en

RouterA#config t

RouterA(config)#ip route 0.0.0.0 0.0.0.0 172.16.10.2

RouterB

RouterB>en

RouterB#config t

RouterB(config)#ip route 0.0.0.0 0.0.0.0 172.16.10.1

Step 7: Adding Static Routes

A static route can be used for different reasons. One reason may be for a router to connect to another router in a lab. You’ll need to turn off all routing protocols before you configure the router for static routing.

RouterA

RouterA>en

RouterA#config t

RouterA(config)#no router igrp 100

RouterA(config)#ip route 172.16.11.0 255.255.255.0 172.16.10.2

What we are saying here is: for RouterA to route to the network 172.16.11.0, go to the next hop interface, which is the serial1 (172.16.10.2) attached to RouterB. Since RouterB knows about the directly connected Ethernet network of 172.16.11.0, it will have a route for it in its routing table preceded by the letter “C”. (See next example)

RouterB#sh ip route

(Output omitted)

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.0.0 is directly connected, Ethernet0

RouterB#

RouterB

RouterB>en

RouterB#

RouterB#config t

RouterB(config)#no router igrp 100

RouterB(config)#ip route 172.16.12.0 255.255.255.0 172.16.10.1
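The forwarding decision that the two static routes in Step 7 set up can be checked offline before touching the routers. The following Python sketch is an added example, not part of the original lab: it loads the lab's own ip address and ip route lines, then follows a packet hop by hop using longest-prefix match. The function names (parse, lookup, trace) and the outcome strings are assumptions made for this illustration.

```python
import ipaddress

# Constructed from the lab's Step 4 and Step 7 commands (static routing only).
CONFIGS = {
    "RouterA": """
        ip address 172.16.12.1 255.255.255.0
        ip address 172.16.10.1 255.255.255.0
        ip route 172.16.11.0 255.255.255.0 172.16.10.2""",
    "RouterB": """
        ip address 172.16.11.1 255.255.255.0
        ip address 172.16.10.2 255.255.255.0
        ip route 172.16.12.0 255.255.255.0 172.16.10.1""",
}

def parse(config):
    """Return (addresses the router owns, routing table) from IOS-style lines."""
    owned, table = set(), []
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["ip", "address"]:
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            owned.add(iface.ip)
            table.append((iface.network, None))      # "C" entry: directly connected
        elif words[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            table.append((net, ipaddress.ip_address(words[4])))  # static entry
    return owned, table

ROUTERS = {name: parse(text) for name, text in CONFIGS.items()}

def lookup(table, dst):
    """Longest-prefix match over (network, next_hop) entries, or None."""
    hits = [entry for entry in table if dst in entry[0]]
    return max(hits, key=lambda entry: entry[0].prefixlen) if hits else None

def trace(start, dst, routers=ROUTERS, max_hops=8):
    """Forward a packet hop by hop; return (routers visited, outcome)."""
    dst, here, path = ipaddress.ip_address(dst), start, [start]
    for _ in range(max_hops):
        owned, table = routers[here]
        if dst in owned:
            return path, "delivered"
        entry = lookup(table, dst)
        if entry is None:
            return path, "no route"
        if entry[1] is None:
            return path, "connected"                 # hand off to the local segment
        connected = [e for e in table if e[1] is None]
        owners = [n for n, (addrs, _) in routers.items() if entry[1] in addrs]
        if lookup(connected, entry[1]) is None or not owners:
            return path, "next hop unreachable"
        here = owners[0]
        path.append(here)
    return path, "loop"
```

Calling trace("RouterA", "172.16.11.1") shows the packet crossing the serial link to RouterB; removing the ip route line from RouterA's text turns the same call into "no route", which is the failure a missing static route produces in the lab.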

Step 8: Testing and Monitoring

At this point it is a good idea to start testing your network using various commands. Perform the following on both routers.

RouterA# show ip route

RouterA# show ip interface brief (This command shows the IP and status of all interfaces.)

RouterA# show controller s0 (Shows whether or not the serial cable is DCE or DTE.)

RouterA# ping ip-address

RouterA# trace ip-address

RouterA# debug ip rip (Remember to turn debug off when done, use undebug all, no debug all or un all)

RouterA# terminal monitor (for using debug from a telnet session, otherwise debug output will go to the console. Caution: This will cause the debug output to go to all telnet sessions on the router.)

Show commands

RouterA# terminal no monitor (To turn off monitoring during a telnet session.)

RouterA# show cdp neighbors

RouterA# show ip protocols

RouterA# show version

RouterA# show flash

RouterA# show ip route (shows the routing table)

RouterA# show memory

RouterA# show stacks

RouterA# show buffers

RouterA# show arp

RouterA# show processes

RouterA# show processes cpu

RouterA# show tech-support

Step 9: Finishing up

Once you have your routers up and working you may wish to run some commands to make working on Cisco routers easier and to stop some of the default annoying behavior of Cisco routers.

RouterA(config)# ip host RouterB 172.16.10.2 (This configures a host table entry for the name RouterB. So instead of having to remember the IP of RouterB to ping it, you can now ping it using its name, RouterB. It’s the same as using a hosts file on a computer. If you just type in RouterB and hit enter, the router will assume you’re wanting to telnet into RouterB using port 23)

RouterA(config)# no ip domain-lookup (When there is no DNS server and you misspell a single-word command, the router will try to do a DNS lookup using a broadcast address of 255.255.255.255. To stop this lookup of a non-existent DNS server, we can turn off the DNS lookup capability using this command.)

RouterA(config)# banner motd #!!!!Warning! Authorized Access Only!!!!# (This message will be seen by anyone trying to logon to your router. The # sign is known as a delimiting character and is used to identify the text portion of the MOTD. Notice that the actual message starts and ends with the delimiting character)

RouterA(config)# no service config (When you reboot a Cisco router, the default behavior is to try to find a configuration file on the network using a number of methods over a broadcast address of 255.255.255.255. To stop this annoying behavior, use this command.)

RouterA(config)#no logging console (Each time you leave one level of the router and return to the previous level or bring an interface up, you get a readout on the console screen. If you get busy typing and configuring the router this can be distracting and annoying. Use this command to stop the logging of messages to the console screen.)

And don’t forget to…

RouterA# show running-config

RouterA# copy running-config startup-config


Firewall DMZ a Secure Way to Provide Public Resources

Providing public resources such as Web servers that are located inside the private network exposes the network to all types of internet threats, because we allow inbound internet traffic to reach into our private network. A secure way to provide public resources is to establish a security boundary: the firewall DMZ.

When connecting our private network to the untrusted network (aka the internet), we should control the flow of traffic in a secure manner by using a firewall device. With a firewall, all traffic is forced to pass through a single concentrated checkpoint where it is controlled, authenticated, filtered, and logged according to the policies set. In this way, we can significantly reduce, but not eliminate, the amount of unauthorized traffic reaching our internal network.

What should we do if we need to provide public resources, such as Web servers, that users on the internet can access in a secure way? Internet users should be able to access the public resources without being able to reach into our private or internal corporate networks. To do this, we configure our firewall to provide a perimeter network: a firewall with a DMZ (Demilitarized Zone).

A firewall DMZ (Demilitarized Zone) is a security network at the boundary between a corporate or private local area network (LAN) and the internet. A firewall DMZ must be used whenever you need to segment the network in order to host public resources such as Web servers. The perimeter network is designed to protect servers on the corporate network from attack by malicious users on the Internet.

If you need multiple network segments, you can deploy multiple DMZs with differing security policies (levels). For example, when you need to deploy a secured Web server with the SQL server on a different machine, you need to provide a segment for each: the Web server should be placed in DMZ1, while the SQL server should be placed on a different segment, DMZ2.

We should create policies in such a way that traffic from internet users can only access the Web server, which sits in the DMZ1 network. It cannot access the SQL server, which sits in the DMZ2 network. However, the Web server in DMZ1 and the SQL server in DMZ2 can access each other. As a general practice you should separate the SQL server from the Web server. You need to develop policies that meet the above security requirements and implement them in the firewall.
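The two-DMZ policy described above can be written down as an ordered rule list and tested before it is implemented on a firewall. The following Python sketch is an added example, not taken from the original article or from any firewall product: it evaluates a first-match, default-deny policy and lists what each zone can actually reach. The addresses, the port numbers (80, 443 and 1433) and the outbound LAN rule are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing: the page names the zones but gives no addresses.
ZONES = {
    "lan":  ipaddress.ip_network("10.0.0.0/24"),
    "dmz1": ipaddress.ip_network("192.168.1.0/24"),  # Web server segment
    "dmz2": ipaddress.ip_network("192.168.2.0/24"),  # SQL server segment
}
WEB, SQL, LAN_PC = "192.168.1.10", "192.168.2.10", "10.0.0.5"
OUTSIDE = "203.0.113.7"                              # documentation-range internet host

# First match wins. A selector is a zone name or a single host address.
# Rules describe new connections; replies are assumed to be state-tracked.
POLICY = [
    ("internet", WEB, {80, 443}, "allow"),  # public site only (ports assumed)
    (WEB, SQL, {1433}, "allow"),            # web tier to database (port assumed)
    (SQL, WEB, None, "allow"),              # page: the two servers reach each other
    ("lan", "internet", None, "allow"),     # outbound use from the LAN (assumed)
]

def zone_of(addr):
    """Map an address to its zone; anything not behind the firewall is internet."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

def decide(src, dst, port):
    """Return the action of the first matching rule, or deny by default."""
    for rule_src, rule_dst, ports, action in POLICY:
        if (rule_src in (src, zone_of(src)) and rule_dst in (dst, zone_of(dst))
                and (ports is None or port in ports)):
            return action
    return "deny"

def exposure(src, hosts=(WEB, SQL, LAN_PC), ports=(22, 80, 443, 445, 1433, 3389)):
    """List every (host, port) pair that src may open a connection to."""
    return [(h, p) for h in hosts for p in ports if decide(src, h, p) == "allow"]
```

exposure(OUTSIDE) returns only the Web server's two ports, and exposure(WEB) returns only the SQL port, so a compromised Web server still has no path into the LAN.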

Implementation

The firewall DMZ can be implemented at the border of the corporate LAN, on a firewall which typically has three network interfaces:

1. The internet interface: the interface is exposed to the internet (the unsecured public network)

2. The private or Intranet interface: the interface is connected to the corporate LAN network where you put your vulnerable servers.

3. The DMZ network: the DMZ interface resides in the same public network that can be easily accessed by public users from the internet. The public resources which typically reside in the firewall DMZ are proxy servers and web servers.

Home Wireless Router with DMZ Feature

Many popular home wireless routers on the market today, such as the WRT610N by Linksys and the DIR-855 by D-Link, are equipped with a firewall DMZ feature. With the DMZ feature, you can configure a single computer to be exposed to the internet for use of a special-purpose service such as Internet gaming or video conferencing. DMZ hosting forwards all the ports at the same time to one PC.

Compared with the DMZ feature, the Port Forwarding feature is more secure because it only opens the ports you want to have opened, while DMZ hosting opens all the ports of one computer, exposing the computer to the Internet.

For example, with the WRT610N wireless router, you can expose one PC or game console for online gaming purposes. You can configure the router by accessing the router’s web-based utility and locating the Application – DMZ page to configure and enable the DMZ feature. The DMZ feature is disabled by default. Enable the DMZ feature and select the IP address, or manually enter a specific IP address, of the computer from the Internet that will be allowed to access the PC in the network. You should also enter the IP / MAC address of the PC / game console you want to be accessed from the internet.

By Ki Grinsing
