“Dell’s distribution, reach and brand are well-recognized across the industry. This transaction aligns well with Dell’s mid-market design focus and allows us to accelerate growth of our flagship SuperMassive Next-Generation Firewall solutions with Large Enterprise customers,” said Matt Medeiros, president and CEO, SonicWALL. “Additionally, SonicWALL is recognized as a leading security solutions provider for small and medium businesses through our UTM solutions. Dell’s phenomenal breadth and reach into small and midsize companies provides a significant opportunity to expand our customer base.”

Dell seems to really be making a push into enterprise networking, however I am not sure if this acquisition improves their strategic plan that well. SonicWall although popular at the small and mid-size network levels has never really seemed to be all that welcomed at the large enterprise level.

I guess as they say “Only time will tell”.

Once you have logged into the RouterOS CLI we first need to navigate to the “IP DHCP Server” sub-menu by issuing the following command:

[admin@routername] > /ip dhcp-server

We start the initial DHCP setup with the command “setup”.

[admin@routername] /ip dhcp-server> setup

The setup wizard will then prompt you for the following:

Select interface to run DHCP server on

lease time: 3d

You can verify your DHCP settings with the commands “print”, “network print”, and “/ip pool print”.

If you wanted to add a secondary DNS server (eg. 10.100.10.250) to the pool after the fact. This can be done with the following commands:

[admin@routername] /ip dhcp-server> network
[admin@routername] /ip dhcp-server network> add dns-server 10.100.10.250

From the “network” sub-menu you can also add a Domain to the pool.

[admin@routername] /ip dhcp-server network> add domain yourdomain

@echo off

REM Delete backups older than 30 days
forfiles /p C:\destination /s /m *.* /d -30 /c “cmd /c del @path”
for /f “delims=” %%d in (‘dir C:\destination /s /b /ad ^| sort /r’) do rd “%%d”

REM Perform backup
set folder=%date:~10,4%%date:~4,2%%date:~7,2%
mkdir C:\destination\%folder%
xcopy /e /c /k /o C:\source C:\destination\%folder%

To get the script to run nightly I just created a “Scheduled Task” for it.

First you will need a serial console connection to the router (To my knowledge there is no way to do this via telnet or ssh)

Step 1:

You will need to power off the router and power it back on. Immediately after powering the router on you will need to hit the CTRL + BREAK keys on the keyboard until you get into the ROMMON mode. You should now see the “rommon 1>” prompt.

Step 2:

In this step we are going to change the configuration register value. The default value is 0×2102, but we are going to change it to 0×2142. The 0×2142 register tells the router to ignore the startup-configuration. We do this with the following command:

rommon 1> confreg 0×2142

Now we need to reboot the router:

rommon 2> reset

After rebooting the router will boot with the initial configuration prompt type “no” to go on into the router command line.

Step 3:

Type “enable” at the command prompt to get into privileged mode. You should then see the “Router#” prompt.

Step 4:

We now need to load the startup-configuration into the running-configuration with the following command:

Router# copy startup-config running-config

Step 5:

Here we are going to go into the configuration mode and do the actual password change.

Router# configure terminal

Router(config)# enable secret yournewpassword

NOTE: At this point you can also change other passwords for telnet/ssh access, etc.

Step 6:

Lastly we need to put our configuration register back to the default value of 0×2102, save the configuration, and reboot the router.

Router(config)# config-register 0×2102

Router(config)# exit

Router# write mem

Router# reload

There you go! You now have full access to the router with a new password and the original working configuration.

Here is a list of their currently available lab hardware:

Block A
• 1x Cisco 2811 (with 2x WIC-2T)
• 2x Cisco 1841 (with 1x WIC-2T)
• 1x Cisco Catalyst 3560-24
• 1x Cisco Catalyst 3550-24 (with Inline Power)
• 1x Cisco ASA 5505

Block B
• 1x Cisco 2811 (with 2x WIC-2T)
• 2x Cisco 1841 (with 1x WIC-2T)
• 1x Cisco Catalyst 3560G-24 (with IEEE 802.3af PoE)
• 1x Cisco Catalyst 3550-24
• 1x Cisco ASA 5505
• 1x Cisco Aironet 1232AG

Block C
• 1x Force10 S25N

Once you have logged into the RouterOS CLI we first need to navigate to the “IP address” sub-menu by issuing the following command:

 /ip address

Now we are going to add your outside address with this command:

add address=210.50.10.1/28 interface=ether1

Now add the inside address:

add address=10.100.20.1/24 interface=ether2

We can then verify that our settings were added correctly by typing:

print

You should now see something similar to the following:

Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   210.50.10.1/28     210.50.10.0     210.50.10.15    ether1
  1   10.100.20.1/24     10.100.20.0     10.100.20.255   ether2

And that’s it. RouterOS is pretty straight forward and easy to navigate. I will be covering more in future posts on advanced routing, dhcp, dns, etc so stay tuned.

In this example we are going to be configuring the “ip helper” command on interface FastEthernet0/1. Our IP for the interface will be 10.10.20.1/24 and the IP of our DHCP server will be 10.10.10.5/24.

After you have accessed the command line of the router the first thing you will need to do is get into configuration mode by issuing the following command:

conf t

The DHCP server and relay agent should be enabled by default, however if for some reason they are not already enabled they can be enabled by issuing the following command:

service dhcp

Next we will want to enable the DHCP relay agent information option:

ip dhcp relay information option

Now we need to configure the actual interface via the following commands:

interface fastethernet0/1
ip address 10.10.20.1 255.255.255.0
ip helper-address 10.10.10.5
no shut

We now have a working DHCP relay pointing to our Windows DHCP Server for clients that connect to interface FastEthernet0/1. There are tons more ways to utilize and configure this functionality. For example you could assign “ip helper” to sub-interfaces for vlans. We will dive into the more advanced functionality in later articles, but for now this gives you the basic principal of the commands for configuring DHCP relay.

This guide is more of a tutorial on basic VLAN configuration than an explanation of what VLAN’s are. If you don’t know what a VLAN is you probably won’t be reading this site to begin with. This guide also is not a “HOWTO” on configuring VLAN’s on a specific piece of equipment. We will be discussing the general basics of how VLAN’s are configured in theory. The goal is that after reading this guide you should be able to take the information learned and apply it to real world situations regardless of which brand/model VLAN switch you use.

In this guide I will be using an example network configuration with a 24 port switch with 5 VLAN’s (default, management, data, voice, and wifi), 1 server, 2 network printers, 10 computers, wireless AP, and an IP phone system with 8 IP phones. I will not be discussing configuring routers, wireless AP’s, or phone systems. These subjects will be covered in other more advanced articles in the future where we will build on the basics discussed here.

 
Note: This article does assume two things about the network environment. 1.) All devices are on a single subnet. 2.) The VLAN switch you are using supports Asymmetric or Multi-VLAN Port features. Otherwise a Layer-3 device would be required.
 

First let’s go over the 5 VLAN’s we are going to be creating. For simplicity sake I will keep the VLAN ID numbers low and sequential. Here is the list of VLAN’s we will be configuring.

1. Default VLAN = VLAN 1 (will be used for internet access/uplink)
2. Management VLAN = 10 (will be used for management access)
3. Data VLAN = 20 (will be used as main data VLAN)
4. Voice VLAN = 30 (will be used for IP phone system)
5. Wifi VLAN = 40 (will be used for wireless AP for guest access)

In this guide we are going to be using port based VLAN configuration so the first thing we have to do is decide to which ports individual devices will be connected. There are multiple ways to do this but my personal preference is to just write down the list of ports on my switch on a piece of paper or if I am at a computer I will open up notepad and type up a list that looks something like the following:

Port 1: Uplink to router
Port 2: Server
Port 3: PC1
Port 4: PC2
Port 5: PC3
Port 6: PC4
Port 7: PC5
Port 8: PC6
Port 9: PC7
Port 10: PC8
Port 11: PC9
Port 12: PC10
Port 13: Printer1
Port 14: Printer2
Port 15: WirelessAP
Port 16: Phone System
Port 17: Phone1
Port 18: Phone2
Port 19: Phone3
Port 20: Phone4
Port 21: Phone5
Port 22: Phone6
Port 23: Phone7
Port 24: Phone8

Now that we have our list of devices and to which ports they will be connected we can decide what devices will be a member of what VLAN. We again go back to a piece of paper or notepad and make another list.

VLAN 1(Default): (All devices that need to access the internet would be in this VLAN)
Server
Computers (PC1 – PC10)
WirelessAP (If you want your wireless guests to use your internet)
Server for phone system (If you want remote access/management of the phone system)

VLAN 10(Management): (All devices that need to be able to connect to and manage the switch)
Server
Computers (For this example only PC1 – PC4)

VLAN 20(Data): (All devices that need data communications. This VLAN is also referred to as the main network VLAN)
Server
Computers (PC1 – PC10)
Printers (Printer1, Printer2)

VLAN 30(Voice): (All voice devices)
Phone System
Phones (Phone1 – Phone8)
Computers (For this example only PC1 – PC4)

VLAN 40(Wifi): (For this example only guests will access the network via wifi)
Guest IP Devices (Notebooks, tablets, smartphones, etc)
Printer2 (For this example Printer2 is accessible by the computers on the main network and is available for guest devices to print if needed)

]]> http://benchaddix.com/2011/06/26/intro-to-vlan-configuration/feed/ 0