The stock firmware in most of the wireless routers are severely limiting in features and performance. To make the most out of your router, you can switch to alternate firmwares like DD-WRT, OpenWRT, Tomato etc.

However the alternate firmwares are in a constant state of development, which are mostly done in the spare time of developers. There are no ETA for problem fixes and feature additions since it is voluntary work. So have lots of patience and be ready to experiment till your router is fully supported.

The forums of these projects are a wealth of information regarding various router hardware and software. Make sure you search for relevant information there before you venture into flashing your router.

Routers are built around chips from OEMs like Broadcomm, Atheros etc. If you have Broadcomm/Ralink chipset based router DD-WRT or Tomato will be the right choice. If the chipset is Atheros, OpenWRT is what you should try.

The following is a list of routers which are a good buy at their current prices. Please note the prices are approximate market prices.

If you buy a router with USB port, there are some nifty tricks you can try. You can run SAMBA (File Sharing for Windows) on your router and use it as a Network Attached Storage (NAS).

You can install torrent clients directly on the router so that you save on power because you dont need your PC to be on for your downloads. While a PC will use 60W (with monitor switched off and power saving on), the router will hardly need 5W to accomplish the same task.

Most firmware support using a USB 3G dongle on the USB port, so you can configure and use the 3G wireless broadband without your PC/Laptop. The possibilities are endless. The TP-Link 841N and Asus RT-N12 are good candidates for extending your wireless range in a budget.

Please be cautious while flashing alternate firmwares as a wrong flash can brick your router. I will not be responsible for any damages you inflict on router or yourselves by using any information in this post.

I welcome questions and suggestions on this article.

Configuring Foundry Switch for LACP

in example we are using ports 1/1 to 1/4 and Vlan 100. Configure your device according to  your port configurations and Vlan names.

lag <lag name> static
port e 1/1 to 1/4
primary-port e 1/1

To assign a Vlan to the teamed Ethernet ports go to the VLAN interface, and tag the ports which you want to add the vlan

Vlan 100
tagged e 1/1

Configuring Virtual Switch on ESXi Server

Do following steps to configure vSwitch properties for load balancing:
Open your vSphere and connect to ESXi or VCenter.
1.    Click the ESX host.
2.    Click the Configuration tab.
3.    Click the Networking link.
4.    Click Properties.
5.    Click the virtual switch in the Ports tab and click Edit.
6.    Click the NIC Teaming tab.
7.    From the Load Balancing dropdown, choose Route based on ip hash.
8.    From the Network Failover Detection  dropdown, choose Link Status Only

Download pfSense CD from here

http://www.pfsense.org/mirror.php?section=downloads

Write The ISO file to a CD and boot from pfSense CD.

Select “n” if you don’t have a Vlan setup

Sigh Lan and wan Interface

It will automatically asign 192.168.1.1 for the lan interface.

Set Lan IP Address

select option 2 and enter your lan IP, it will ask for subnet, you have to enter subnet as bit counters
Eg

255.255.255.0 = 24
255.255.0.0  = 16
255.0.0.0     = 8

It will also prompt for set this server as a DHCP server. If you want to set this server as a DHCP server select “y”. If you are using static ips for client pcs just select “n”

After applying the LAN IP address, you can access the pfSense web interface using http protocol

Eg : http://192.168.0.10

Install pfSense  to a hard drive / memory

Select option “99” to install pfsense to your local media.

It will start installation in first setp and ask some settings to change video font screenmap keymap etc .. select “<Accept these Settings>” for default settings

Now select “<Quick/Easy Install>”

System will prompt for a confirmation If you press <OK> It will erase all data from first HDD

So make sure that u have data backups if necessary

Select multiprocessing kernel

Reboot the server when it prompt

Initial configurations in web interface

Now go to web interface
It will ask for user id and password
Default user id and passwords for pfsense server as follows

User : admin

Password : pfsense

On this screen you will set the General pfSense parameters.

Add hostname, and domain name, Primary and Secondary DNS server in this screen, here I used Open DNS to improve security, you can give your DNS

Eg : 208.67.222.222 & 208.67.220.220

Time Server Information

Enter your time server name and Timezone and click next

Configure the Wide Area Network information

If your internet connection is based on DHCP, click next. No changes required in this area.

If your internet connection with a static IP or a PPPoE / PPTP you can configure details in this window.

Configure LAN Interface

We already assigned an ip address for lan from the terminal itself. Click next if there is no change.

Set Admin WebGUI Password

Set your administration password for web interface management. Currently we entered with default password. It is strongly recommend to change the password now itself.

Reload

Click ‘Reload’ to reload pfSense with new changes. If you changed the password, pfSense will ask you to log in again.
This will take some time to reload automatically. You can use the same ip url to reload quickly.

Install Squid

Go to System > packages, it will load all the supported packages,  Select squid and click “+” button
Squid package and its dependencies will be automatically installed in this server

Executing custom_php_resync_config_command()…done.

Writing configuration… done.

Starting service.

Installation completed. Please check to make sure that the package is configured from the respective menu then start the package.

Now squid is installed and basic Server is ready to work as a proxy, by default no one can use this proxy. Access control system should configure for Allowed subnets,

Go to Services > Proxy Server > Access Control and add Allowed subnets. You can add ips or subnets. separate entries with space. Basic blacklisting / white listing is possible in this configuration window

Eg : 192.168.1.0/24

Now squid will serve all sites to 192.168.1.0 network. by default squid is running on tcp port 3128

Configure your client proxy settings with your server ip and 3128 port

Eg

IP address 192.168.1.0

Port : 3128

For an advanced Proxy Server it is required Standard blacklists and reporting features. Squid Guard and Squid reporting packages are available for Pf Sense. My next article is about How to Configure a PfSense with SquidGuard and Lightsquid

This error may occur in the networks if some previous sessions of network shares still exist in the cache. the shares many be connected with different log in credentials. If you get the error, directly go to command prompt and list the list of connections authenticated. Use following command to list them

net use

There you can see the list of shared item you already connected. select the session you want to reconnect. for Eg \\192.168.0.1\c$. Type the following command to remove the session.

net use \\192.168.0.1\c$ /delete

now try to access the share once again

if you want to give user id and password in single command, then use the following command

net use \\192.168.0.1\c$ /user:localhost\username password

Windows servers can establish only two remote desktop connections simultaneously. But if the session is in Disconnected mode ( If its close without log off  ) you can access this session again. But if any two sessions are logged in you cannot get a new RDP Connection. And you will get the above error.   You can terminate any sessions. Find the following two ways to get a connections. Before that try to access the console using following command. for both methods you should try as an administrative account. if it is a different user gain the access using “net use” command

Here 192.168.0.1 is the example Ip address

mstsc /v 192.168.0.1 /f –console

Using Terminal service manager ( tsadmin)

Do it from a windows server which is under same work group or domain.

• Go to RUN and type “tsadmin”

It will open the terminal service admin console. and you can see the local RDP sessions here.

• Now you go to actions >> Connect to computer in the menu bar

• Give IP address of the server which you want to connect

Once you get the connection you can see the list of sessions in the right panel of the window

• right click the session which you want to terminate

There you can see features like connect, Disconnect, Send message, remote control, Reset, status, log Off,

( Do the action depends your environment, You can see User name, session Id, state and Logon time )

Using Command line

query session /server:192.168.0.1

For windows Xp reffer this Article : link

Now identify the session id from the result and replace “ID” with your corresponding id in following command

reset session “ID” /server:192.168.0.1

The cisco packet tracer or Boson is just simulators. I want to introduce a new concept called “Emulation “. This is actually like running a virtual machine by using Vmware workstation or Sun V Box.

GNS3 is an excellent complementary tool to real labs for network engineers, administrators and people wanting to pass certifications such as CCNA, CCNP, CCIP, CCIE, JNCIA, JNCIS, JNCIE.

It can also be used to experiment features of Cisco IOS, Juniper JunOS or to check configurations that need to be deployed later on real routers.

Previously DYNAMIPS was introduced as a text line simulator; you cannot create topologies as like you are doing in Boson or packet tracer. You should have to edit topology files as you are doing in Linux configurations. Then GNS3 was introduced. Both dynamips and GNS3 are open source products and free for every one.

The GNS3 and DYNAMIPS combination gives as unique features such as you can run any service in your emulation based on the IOS you are using. For example if you are using 1841 IP base IOS then you can not configure IPSEC and other cryptographic services and if you are using 1841 advanced security IOS then you can configure IPSEC. So the real IOS is loaded in the dynamips Hypervisor and this makes your computer to run many virtual routers connected to each other based on how you design your topology.

Installing GNS3

Installing GNS3 is very easy. Download GNS3 with dynamips and QEMU from the below link for windows XP or windows 7.

Download GNS3

Also Find the Download page  http://www.gns3.net/download

Once downloaded and Installed follow the below steps to configure.

Configuring GNS3

Once installed launch GNS3 from the desktop icon. Cancel initial configurations if any GNS3 asks. Follow the below steps to configure manually.

Step 1 : Click Edit and select preferences

Step 2 : In the newly opened window select ‘ Dynamips ‘ option and click test button leaving other things default

Step 3 : If you get a message like “ Dynamips Successfully started “ the there is no issue with your ports.

Step 4 : Click Apply and OK

Step 5 : Again Select Edit and take IOS images and Hypervisor Manager

Step 6 : In the newly opened window select a plat form and select a router model (Eg: Platform : 3700, Model : 3725 and select appropriate IOS image file, I mean you should have IOS for 3700 plat form saved in a local folder and you should set path for it and click save button. Follow same method and add IOS for what ever platform and model you want.

Step 7 : Now in the GUI, drag and drop routers connect their serial port start them and on each router right click and select console to take them in console.

There are many tricks and techniques are there to make dynamips to be available to the external computers. First practice this basically. I will be make posting on other advanced techniques of GNS3 in next posts. Please go through the below images how GNS3 actually look like.

GUI Dash Board

Topology scenario – 3600 and 7200 connected using serial cable

How to start the Router

How to take the router console

Router Console Opened – Booting Now

3600 Router ready to work

Configure server and client with RSA Key

Create Public and private key using ssh-keygen

#ssh-keygen

It will ask for the location to save the key

Default location : /root/.ssh/id_rsa

Next It will ask passphrase. (u can do it without a password also, for that just enter )

It will create Private key and public key. See the out put

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

Upload public key to the server which you want to upload

#ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.1

(Here 192.168.0.1 is a example ip address)

It will automatically copy your public key to .ssh/authorized_keys

You can upload the public key to multiple servers using same command ( ssh-copy-id ). Next time onwards the server will not ask the user ID and password

In early days Http and other services were accessed by concern server IP addresses, but now a days all services are mostly accessed by using the name spaces. An hierarchical name space was introduced for unique proprietary name provision for general public and organizations whom uses servers to give services in public networks ( eg., Web server etc., ).

Why I need names instead of Ip addresses to be directly used ? the major issues are given below.

1. A name will represent a company in the public network, IP doesn’t . ( Eg., www.google.com represents Google Search engine on internet. instead of that if i give a set of numbers as my web site address will that look fair ? (  Eg.,   http://173.194.32.104 )

2. The next thing is if i use my IP address as my site address its difficult for users to remember 100s of sites within their mind

3. The next thing is if I use my IP address as site address, in case if there is a service level issue with my ISP and am switching over to another ISP, my IP will surely get changed. Then i have to intimate all my customers about my change.

4. The fourth one is it is not possible to keep redundant web servers for same web site if they use IP address as site address.

5. The next major issue is I cant use mail address in their format. Will it look fair if i have a mail address as  ” anbarasu@122.165.216.46 “  ??

So for above mentioned reasons we cannot represent our site address in the IP format. Ok lets have a change.. let me change my site addresses to names such as www.yahoo.com , www.google.com like wise.

What will be the issue ? my basic communication between the servers and clients will be happening by my basic communication protocol the ” TCP / IP “. I can’t use a string as my server address .

What to do ? i need IP for basic communication and also i cannot use IP address as my site address. Here came the God father the mighty ” DNS “.

What actually DNS does ?

DNS is a server in which we can create Names vs IP address records. with a separate container for each and every domain ( A domain represents a company in DNS servers. For example for yahoo there will be a container alloted in which all its servers will be placed www.yahoo.com, chat.yahoo.com, in.yahoo.com ).

Inside the container I have to create records for each server as given below.

www.yahoo.com   122.165.216.46

chat.yahoo.com    122.164.215.45

in.yahoo.com         122.164.216.54

like wise. This is called DNS data base. The DNS server will be having database for all servers hosted in the public internet ( Lets discuss latter about how a server in America whose name record is available in my local ISP DNS server ).

So now, in my client machine I have to define which is my DNS server ( preferred alternate options will be available in your client machines ). Once you defined it for all name based probes, the client machine will contact your DNS server using your client machine’s DNS client service to get name query. No matter what type of application your using either a browser or a custom application.

Now in my client machine browser am typing ” www.yahoo.com “. The client machine OS directs the typed name to the DNS client service and in turn the client service establishes a connection to preferred DNS server in case if preferred DNS server is unavailable the client service establishes connection with the alternate DNS server.

Once the connection is established in between the DNS client and DNS server the DNS client starts name query as shown below. ( lets consider DNS client and server are speaking )

Client : Hello 203.145.184.40

Server : Hello 122.169.200.49

Client : Need a name query establish connection

Server : Ok establish connection

( connection got established )

Client : Need Ip address of www.yahoo.com

( Server Searches its database )

If got the record

Server : Ip address of www.yahoo.com is 122.165.216.46

Client : Thanks and signing off

in this way the client gets IP address of www.yahoo.com, not every time when you access www.yahoo.com, once per hour or two even if you continuously accessing yahoo . Because the resolved name will be in client machine’s memory for some time. Based on the configurations done in DNS server ( not in DNS client even if it is stored in DNS client ). This is called cache.

So how it is use full for you ? comment on this

Firewall_5510#config t

Firewall_5510(config)# enable password xxxxx(your password)

Enable password is necessary to enable ssh access

Firewall_5510(config)# username test password test123

User name and password for connecting using ssh

Firewall_5510(config)# aaa authentication ssh console LOCAL

Different authentication can be  configured, like RADIUS, TATAC, etc.., here we specified Local authentication with user name and password mentioned above

Firewall_5510(config)# ssh 192.168.x.x 255.255.255.o inside

Permit  ssh access to firewall  from specified ip or subnet, inside

Firewall_5510(config)# domain-name TEST.ORG

Domain name of your company. RSA key is generated using domain name + firewall name combination

Firewall_5510(config)# crypto key generate rsa modulus 1024

Generate RSA key

You are done !!!!!!!!!!!!!!!!!!!!!!

now the firewall can be accessed from inside network………………………

Cisco announced that Guinness World Records, an authority for record-breaking achievement around the world, has certified the Cisco Carrier Routing System (CRS-1) as the highest capacity Internet router ever developed. The new router will be the first networking technology to be recognized by Guinness World Records.

The CRS-1, announced in May, is designed to shuttle traffic across the backbone of the Internet. The company spent four years and $500 million developing the technology, and even created a new software operating system for the product. Cisco claims that the router can reach a routing throughput of 92 terabits, or 92 trillion bits per second. With this kind of capacity, the entire printed collection of the U.S. Library of Congress could be downloaded in 4.6 seconds. The same feat using a dial-up modem would take around 82 years.

Cisco has already been listed in the Guinness record books for other achievements. On April 11, 2000, Guinness recognized Cisco as having the highest market capitalization of any computer company in the world, eclipsing Microsoft. On that day, Cisco’s market capitalization was $503.4 billion, according to the record books.