Sunday, November 30, 2014

Error: Cannot Connect to display

Some VirtualBox images have no GUI support, and on those images the error mentioned in the title is encountered: because the image does not support a GUI, it cannot display a graphical interface.

However, whether your host is Windows or Linux, there is a solution to this.

Step 1: Make sure you have a host-only networking adapter on your VM.

Add an adapter to the VM with host-only networking enabled on it.
If host-only networking is enabled, you will see an interface on your image with a class C IP address.
The IP address is a class C address like 192.168.56.103.

To find this address use the command ifconfig (if your image is Linux based) or ipconfig (if your host is Windows based).

The image will also have a class A address like 10.0.0.3 if a NAT adapter is enabled. That adapter is used for connecting the VirtualBox guest to the internet.

Step 2: Connecting to guest from host.

If you are accessing the guest from a command line, use the following command to access the guest; you then do not need to follow step 3.

ssh -X username@address        ---------- where -X enables X11 forwarding, username is the username of the image and address is the host-only address of the guest.

If you are using a Windows host:

Make sure that you enable X11 forwarding in the SSH client (e.g. PuTTY, SecureCRT) you are using.

In PuTTY, go to Connection > SSH > X11 and check the X11 Forwarding option.
In SecureCRT, go to Connection --> Port Forwarding --> Remote/X11 and check the Enforce X11 authentication checkbox.

Step 3: Start Xming (if you are using a Windows host)

Download link: http://www.straightrunning.com/XmingNotes/

If you are using Windows as the host you will need to start Xming first, which is an X display server for Windows.

Now, to display the GUI for applications, use the xterm command to open a window.
For eg.: in the case of Mininet use 'xterm s1' to display the xterm window for switch 1.

Monday, November 24, 2014

Authentication in RIP v2

RIP version 1 does not support authentication. RIP version 2 supports plain-text and MD5 authentication. The difference between MD5 and plain-text authentication is that with plain text the key string is sent unencrypted, so it can be seen by anyone who can see or sniff the packet. MD5 authentication is therefore more secure; there is no point in not using MD5.

We will first configure MD5 authentication and then see how changing just one word in the MD5 configuration leads to plain-text authentication.

MD5 Authentication:

Step 1 : Configure key chain

R1(config)#key chain sandesh                    ### 'sandesh' is the name of the key chain that enables
                                                ### authentication for routing protocols.
R1(config-keychain)#key 1                       ### identifies an authentication key on the key chain.
R1(config-keychain-key)#key-string passpass     ### specifies the authentication key string for the key;
                                                ### in this case the key string is 'passpass'.

Step 2: Configure interface

R1(config)#int fa0/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain sandesh

Repeat the same configuration on the other router's directly connected interface. That's all you need to do for MD5 authentication.

Plain Text Authentication

To configure plain-text authentication just change the configuration of the directly connected interfaces. Step 1 is the same for both.

Step 2: Configure interface

R1(config)#int fa0/0
R1(config-if)#ip rip authentication mode text
R1(config-if)#ip rip authentication key-chain sandesh

To check the key chain on a Cisco router use the following command:

R1#show key chain
Key-chain sandesh:
    key 1 -- text "passpass"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

In the above output we can see that key 1 has two properties, accept lifetime and send lifetime.
These properties define the validity of key 1. Here it means that key 1 is always valid.

Cisco routers provide the flexibility to configure multiple keys, each valid for a different period of time. This adds to the security of the RIP updates.
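To make the difference between the two modes concrete, here is an added example (not from the original post) that builds the two RIPv2 authentication entries and checks a received MD5 digest the way the receiving router would. It assumes the RFC 2453 simple-password entry and the RFC 2082 keyed-MD5 trailer; the packet layout is constructed from those RFCs, not captured from a Cisco router.

```python
import hashlib
import hmac
import struct

# RIPv2 constants (RFC 2453 / RFC 2082)
RIP_RESPONSE, RIP_VERSION = 2, 2
AUTH_AFI = 0xFFFF
AUTH_SIMPLE, AUTH_MD5, AUTH_TRAILER = 1, 3, 1   # type codes carried in the auth entry
ROUTE_FMT = "!HHIIII"   # AFI, route tag, prefix, mask, next hop, metric (20 bytes)


def _route_entry(prefix, mask, metric):
    ip = lambda s: struct.unpack("!I", bytes(map(int, s.split("."))))[0]
    return struct.pack(ROUTE_FMT, 2, 0, ip(prefix), ip(mask), 0, metric)


def build_simple_auth(key, routes):
    """'ip rip authentication mode text': the key rides in the clear, zero-padded to 16 bytes."""
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    auth = struct.pack("!HH", AUTH_AFI, AUTH_SIMPLE) + key.encode().ljust(16, b"\0")
    return header + auth + b"".join(_route_entry(*r) for r in routes)


def _digest(unsigned, key):
    # RFC 2082: MD5 over the packet with the zero-padded 16-byte key in the digest slot.
    return hashlib.md5(unsigned + key.encode().ljust(16, b"\0")).digest()


def build_md5_auth(key, key_id, seq, routes):
    """'ip rip authentication mode md5': only a digest leaves the router, never the key."""
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    body = b"".join(_route_entry(*r) for r in routes)
    pkt_len = 4 + 20 + len(body) + 4          # bytes up to and including the trailer header
    # AFI, auth type, packet length, key ID, auth data length (16+4), sequence, 8 reserved
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_MD5, pkt_len, key_id, 20, seq)
    trailer = struct.pack("!HH", AUTH_AFI, AUTH_TRAILER)
    unsigned = header + auth + body + trailer
    return unsigned + _digest(unsigned, key)


def key_visible(packet, key):
    """What a sniffer on the segment sees: is the configured key string in the bytes?"""
    return key.encode() in packet


def verify_md5(packet, key):
    """Receiver-side check, as a router holding the same key chain would perform it."""
    if len(packet) < 24 + 16 or struct.unpack("!HH", packet[4:8]) != (AUTH_AFI, AUTH_MD5):
        return False
    pkt_len = struct.unpack("!H", packet[8:10])[0]
    unsigned, digest = packet[:pkt_len], packet[pkt_len:pkt_len + 16]
    return hmac.compare_digest(digest, _digest(unsigned, key))


if __name__ == "__main__":
    routes = [("10.1.1.0", "255.255.255.0", 1)]          # constructed sample route
    text_pkt = build_simple_auth("passpass", routes)
    md5_pkt = build_md5_auth("passpass", 1, 7, routes)
    print("key visible with mode text:", key_visible(text_pkt, "passpass"))
    print("key visible with mode md5: ", key_visible(md5_pkt, "passpass"))
    print("digest verifies with right key:", verify_md5(md5_pkt, "passpass"))
```

A sniffer needs only key_visible to recover the plain-text key; with MD5 it would also have to forge a digest, which is why an altered packet or the wrong key fails verify_md5.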

Changing Validity of key in RIP

To change the validity of keys in RIP, we need to specify the start time of key validity and either the end time or the duration.

R2(config)#key chain sandesh
R2(config-keychain)#key 1
R2(config-keychain-key)#send-lifetime hh:mm:ss <1-31> MONTH <1993-2035> hh:mm:ss <1-31> MONTH <1993-2035>   ### start time and end time

Instead of the end time we can specify the duration in seconds as well:

R2(config)#key chain sandesh
R2(config-keychain)#key 1
R2(config-keychain-key)#send-lifetime hh:mm:ss <1-31> MONTH <1993-2035> duration <1-2147483646>

The other option is infinite, which means the key stays valid for as long as it exists in the key chain.

R2(config)#key chain sandesh
R2(config-keychain)#key 1
R2(config-keychain-key)#send-lifetime hh:mm:ss <1-31> MONTH <1993-2035> infinite

With this flexibility provided by Cisco routers, we can have multiple keys for a pair of directly connected interfaces, each valid during a different period of time.

Sunday, November 23, 2014

Configuring Password on Cisco Router

There are mainly three types of passwords that can be set on Cisco routers, one for each kind of line.
To see the lines available on a Cisco router we can use the following command.

sandesh#show line
   Tty Line Typ     Tx/Rx    A Roty AccO AccI   Uses   Noise  Overruns   Int
*    0    0 CTY              -    -    -    -      0       0     0/0       -
     1    1 AUX   9600/9600  -    -    -    -      0       0     0/0       -
   322  322 VTY              -    -    -    -      0       0     0/0       -
   323  323 VTY              -    -    -    -      0       0     0/0       -
   324  324 VTY              -    -    -    -      0       0     0/0       -
   325  325 VTY              -    -    -    -      0       0     0/0       -
   326  326 VTY              -    -    -    -      0       0     0/0       -
   327  327 VTY              -    -    -    -      0       0     0/0       -
   328  328 VTY              -    -    -    -      0       0     0/0       -
   329  329 VTY              -    -    -    -      0       0     0/0       -
   330  330 VTY              -    -    -    -      0       0     0/0       -
   331  331 VTY              -    -    -    -      0       0     0/0       -
   332  332 VTY              -    -    -    -      0       0     0/0       -
   333  333 VTY              -    -    -    -      0       0     0/0       -
   334  334 VTY              -    -    -    -      0       0     0/0       -
   335  335 VTY              -    -    -    -      0       0     0/0       -
   336  336 VTY              -    -    -    -      0       0     0/0       -
   337  337 VTY              -    -    -    -      0       0     0/0       -

The router I am using has an auxiliary port, a console port and 16 VTY lines (322 to 337). Following are the passwords that can be set for these lines.

1. Auxiliary Password:
      This password is set for the auxiliary port of the router, which is located at the back of the router. The purpose of an auxiliary port is to connect an external modem to the router. This modem can be used to connect to the router for troubleshooting purposes should regular connectivity fail. Similarly to the console port, the auxiliary port is also an asynchronous serial port with an RJ-45 interface. A rollover cable is used for connections.

CLI Commands for configuration:

Router(config)#line aux 0
Router(config-line)#password auxiliary
Router(config-line)#login

2. Console Password:
        Router console ports are meant to allow root access to the router via a dumb terminal interface, regardless of the state of the router (unless it is completely dead). By connecting to the console port you can get access to the root level of a router without using the network that the router is connected to. This creates a secondary path to the router outside the bandwidth of the network, which needs to be secured without relying on the primary network. A rollover cable is used for connections.

More info about physical connection here : https://www.youtube.com/watch?v=_xA94N__uzk

CLI Commands for configuration:

Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login

3. VTY Password:
        This password is used on the VTY lines. Whenever there is a request to connect to these VTY lines, the router asks for a password. A number of protocols can be used to connect to the VTY lines, e.g. telnet and SSH. The protocols allowed depend on the Cisco router series.


CLI Commands for configuration:

The simplest configuration includes the following commands.

Router(config)#line vty 0 4
Router(config-line)#password remote
Router(config-line)#login

These commands set a password for telnet access. When we telnet to the management IP of the router, the router asks for the password.

Eg: C:> telnet 8.8.8.8
    Password:

Configuration to ask for a username on telnet access:

Now, if we want the router to ask for the username as well, we need to use the following commands.

Router(config)#username cisco password cisco
Router(config)#line vty 0 4
Router(config-line)#login local

The command login local forces the router to ask for a username and check it against the locally configured username entries.

SSH Protocol configuration for VTY lines:

We can also configure SSH for remote connections, as telnet is not secure: telnet transports data to and from the router in plain text.

Step 1: Configure the domain name:

Router(config)#ip domain-name sandeshshrestha.net

Step 2: Generate RSA key

Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hostname sandesh
sandesh(config)#crypto key generate rsa
The name for the keys will be: sandesh.sandeshshrestha.net
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 510
% Generating 510 bit RSA keys, keys will be non-exportable...[OK]
sandesh(config)#
*Mar 1 2:53:22.782:  RSA key size needs to be at least 768 bits for ssh version 2
*Mar 1 2:53:22.782:  %SSH-5-ENABLED: SSH 1.5 has been enabled

Two interesting things to note here:

1. It asks for a hostname other than Router.
2. The SSH version enabled is 1.5, but there is no 1.5 version of SSH. This basically means that version 2 is not being used here; instead it is version 1. To configure version 2 of SSH, use the following command. Also note that the RSA key should be at least 768 bits for version 2.

sandesh(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.

For the reason mentioned above (the key generated was only 510 bits), it gives this error.

Step 3: Configure vty line

Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet     ### allows both ssh and telnet
Router(config-line)#password ssh
Router(config-line)#login local

Step 4: Connect
To connect to a VTY line on the router using SSH we do the following:

C:>ssh cisco@8.8.8.8
Password:
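Because these VTY and SSH settings are easy to get wrong, here is an added example (not from the original post) that audits a running-config excerpt for the three weak points the post discusses: telnet still allowed on the VTY lines, SSH version 2 not enforced, and a line password without login local. The config text is constructed to mirror the commands above, not dumped from a real router, and the audit rules are this example's own, not a Cisco tool.

```python
# Constructed running-config excerpt mirroring the post's examples (not a real device dump).
SAMPLE_CONFIG = """\
hostname sandesh
ip domain-name sandeshshrestha.net
username cisco password cisco
!
line con 0
 password console
 login
line aux 0
 password auxiliary
 login
line vty 0 4
 password ssh
 login
 transport input ssh telnet
"""


def parse_lines(config):
    """Group 'line ...' blocks as {line_name: [sub-commands]}; global commands go under None."""
    blocks, current = {None: []}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None
            blocks[None].append(raw.strip())
    return blocks


def audit(config):
    """Return a finding string for each weak VTY/SSH setting found (empty list if clean)."""
    blocks = parse_lines(config)
    findings = []
    if "ip ssh version 2" not in blocks[None]:
        findings.append("global: 'ip ssh version 2' missing, so SSH version 1 can still be used")
    for name, cmds in blocks.items():
        if not name or not name.startswith("line vty"):
            continue
        transport = [c for c in cmds if c.startswith("transport input")]
        if not transport or any("telnet" in c for c in transport):
            findings.append(f"{name}: not restricted to SSH (use 'transport input ssh')")
        if "login" in cmds and "login local" not in cmds:
            findings.append(f"{name}: line password only; 'login local' also asks for a username")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```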

Dynamic Trunking Protocol

This protocol is used to negotiate trunk links between VLAN-aware switches using dot1q or ISL. The negotiation process also determines which trunking encapsulation is used, dot1q or ISL. By default no trunking protocol is configured on either end; ISL is chosen if both switches support it.

DTP advertises the VTP domain, the status of the interface and its DTP type. These packets are transmitted on the native VLAN every 60 seconds.

DTP should not be confused with VTP, as they serve different purposes. VTP communicates VLAN existence information between switches. DTP aids with trunk port establishment. Neither protocol transmits the data frames that trunks carry.


The following switch port mode settings exist:

Access — Puts the LAN port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The LAN port becomes a nontrunk port even if the neighboring LAN port does not agree to the change.

CLI command: switchport mode access

Trunk — Puts the LAN port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not agree to the change.

CLI command: switchport mode trunk

Dynamic Auto — Makes the LAN port willing to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk or desirable mode.

CLI command: switchport mode dynamic auto

Dynamic Desirable — Makes the LAN port actively attempt to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk, desirable, or auto mode. This is the default mode for all LAN ports.

CLI command: switchport mode dynamic desirable

Nonegotiate — Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.

CLI command: switchport mode nonegotiate

Tuesday, November 18, 2014

Port Security in Cisco Switches

Switch port security restricts the number of MAC addresses that are able to send or receive frames on a port. Any incoming frame from another device is discarded by the switch.

Once the maximum number of secure MAC addresses has been reached, a security violation occurs when a device with a different MAC address tries to attach to that port.

The command to configure the number of MAC addresses is:

switchport port-security maximum
The maximum number of secure MAC addresses allowed is 132.


Types of secure MAC addresses:

1. Static secure MAC address: Configured manually using the switchport port-security mac-address command. These MAC addresses are stored in the address table and in the running configuration of the switch.

2. Dynamic secure MAC address: These are dynamically learned by the switch and stored in the dynamic MAC address table. They are removed when the switch restarts. The only command required for this type is switchport port-security. The default behaviour is to allow only one MAC address and to shut the port down on a violation.

3. Sticky secure MAC address: Like dynamic secure MAC addresses they are learned dynamically, but they are saved in the running configuration. For eg: if the maximum is 1, the first device to connect to the switch port is the secure device; the switch learns its MAC address and saves it to the running configuration. Since the MAC addresses are saved in the running config, they remain intact if the config is saved to the startup-config.


Depending on the action you want a switch to take when a security violation occurs, you can configure the behavior of a switch port to one of the following:

Protect – when the maximum number of secure MAC addresses has been reached, packets from devices with unknown source addresses are dropped until you remove the necessary number of secure MAC addresses from the table. In this mode, you are not notified when a security violation occurs.

Restrict – identical to protect mode, but notifies you when a security violation occurs. Specifically, an SNMP trap is sent, a syslog message is logged and the violation counter increments.

Shutdown – this is the default behavior on a switch. In this mode, the switch port shuts down when the violation occurs. Also, an SNMP trap is sent and the message is logged. You can enable the port again with the no shutdown interface configuration command.


CLI Commands:

For dynamic:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security

For sticky:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 10
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation restrict

To see all port-security configuration for a switch port use this command:

show port-security int fa0/1
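To see how the address types and violation modes above interact, here is an added example (not from the original post, and not Cisco code) that models one access port with port security: dynamic versus sticky learning, the protect/restrict/shutdown reactions once the maximum is reached, what survives a reload, and the sticky lines that end up in the running configuration. The log line format is constructed for the model, only loosely modelled on the Catalyst syslog message.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Model of one access port with 'switchport port-security' (teaching model, constructed)."""
    maximum: int = 1                 # switchport port-security maximum <n>
    violation: str = "shutdown"      # protect | restrict | shutdown (Cisco default)
    sticky: bool = False             # switchport port-security mac-address sticky
    secure: dict = field(default_factory=dict)   # mac -> "static" | "dynamic" | "sticky"
    err_disabled: bool = False
    violations: int = 0
    log: list = field(default_factory=list)      # stands in for syslog / SNMP trap

    def add_static(self, mac):
        # switchport port-security mac-address <mac>
        self.secure[mac] = "static"

    def frame(self, mac):
        """Ingress frame with source mac; returns forward | drop | shutdown."""
        if self.err_disabled:
            return "drop"                        # port stays down until 'no shutdown'
        if mac in self.secure:
            return "forward"
        if len(self.secure) < self.maximum:      # room left: learn the address
            self.secure[mac] = "sticky" if self.sticky else "dynamic"
            return "forward"
        self.violations += 1                     # maximum reached, unknown source
        if self.violation == "protect":
            return "drop"                        # silent: no log, no trap
        self.log.append(f"PSECURE_VIOLATION: unknown source {mac} (constructed log line)")
        if self.violation == "restrict":
            return "drop"
        self.err_disabled = True                 # shutdown mode: err-disable the port
        return "shutdown"

    def no_shutdown(self):
        self.err_disabled = False

    def reload(self):
        """Dynamic entries vanish on restart; static and sticky ones are in the saved config."""
        self.secure = {m: t for m, t in self.secure.items() if t != "dynamic"}

    def running_config(self):
        lines = ["switchport mode access", "switchport port-security",
                 f"switchport port-security maximum {self.maximum}",
                 f"switchport port-security violation {self.violation}"]
        if self.sticky:
            lines.append("switchport port-security mac-address sticky")
        for mac, kind in self.secure.items():
            if kind == "static":
                lines.append(f"switchport port-security mac-address {mac}")
            elif kind == "sticky":
                lines.append(f"switchport port-security mac-address sticky {mac}")
        return lines
```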

Sunday, November 9, 2014

VTP Basics

VLAN Trunking Protocol (VTP) allows switches to share VLAN information automatically. Thus an administrator only needs to change VLANs on one switch, and the change is propagated to all switches. However, this does not reduce the need to assign switch ports to different VLANs.

A VTP domain can only support 255 VLANs. A switch is in server mode by default. VTP advertisements are sent every 5 minutes by default, or when there is a change in the configuration revision number caused by the addition or deletion of VLANs.

VTP Modes:

Server Mode - In VTP server mode you can create, modify and delete VLANs. VLAN information is synchronized with other VTP servers and clients in the VTP domain. You can have multiple VTP servers in the VTP domain, and VLAN information is synchronized according to the server with the highest configuration revision number. VLAN information is stored in the vlan.dat file in NVRAM/flash memory.

Client Mode - Switches in VTP client mode receive and synchronize VLAN database information from other VTP servers and VTP clients in the VTP domain. A VTP client can update a VTP server if it has a higher configuration revision number. VLAN information is stored in the running config, i.e. in DRAM. If a switch in client mode is restarted then all VLAN information, including the VTP revision number on the switch, is lost and must be relearned from the VTP server once the client has restarted.

Transparent Mode - Switches in transparent mode receive updates from other servers and clients but do not participate in the VTP domain; rather, they allow the VTP updates and advertisements to pass through the switch on to other switches in the VTP domain. Transparent mode switches do not synchronize their VLAN information with other VTP servers and clients, but maintain their own separate VLAN configurations.


VTP Configuration Commands:


This command shows the VTP status: VTP version, configuration revision number, number of VLANs, etc.

Switch# show vtp status

This configures the VTP domain name. There can be more than one domain in a topology. VTP does not work across domains, i.e. if the client is in a different domain than the server, it does not learn about VLANs from the server.

Switch(config)# vtp domain
Changing VTP domain name from NULL to


Switch(config)# vtp mode

To make two switches talk to one another, the ports connecting them should be in trunk mode. Either of the ports can be configured to trunk mode and the other will automatically become a trunk, as the ports are in dynamic-auto mode.

Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport  trunk allowed vlan 1-99

Now go to the other switch and configure VTP client mode using the vtp domain and vtp mode commands.

Saturday, November 8, 2014

How to clear switch for new configuration

1. Connect to the console port and enter privileged EXEC mode.

From your computer terminal connect to the console port of the switch using a console cable. You should see the console prompt, which includes the switch's hostname followed by > or #.

If the prompt ends in > you are in user mode. To enter privileged EXEC mode, type enable.

2. Delete the VLAN database file.

Switch#delete flash:vlan.dat
Delete flash vlan.dat ? [confirm]
Switch#

3. Erase the startup config from NVRAM

The startup configuration of a switch can be removed using the erase startup-config command.

Switch# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete
Switch#
Switch# reload

Saturday, November 1, 2014

Pointers and Arrays

Pointers and arrays are intricately linked in the C language.

For eg.:

int nValue[5]={1,2,3,4,5};

So, when we print

cout << nValue, the output is the address of the first element of nValue.
Therefore, we can say that nValue behaves like a pointer to the first element of the array.

Thus, cout << nValue + 1 will print the address of the second element of nValue. (nValue itself names the array and is not a modifiable pointer, so nValue++ does not compile; nValue + 1 is the expression to use.)

Also,

cout << *nValue will print the first element of nValue. This is called dereferencing a pointer,
and cout << *(nValue+1) will print the second element of nValue. Parentheses are used to ensure the operator precedence is correct: operator * has higher precedence than +.


Also look at the following program, which uses the concept explained above.

#include <iostream>
using namespace std;

int main() {
    const int nArraySize = 7;
    char szName[nArraySize] = "Mollie";   // 6 letters plus the terminating '\0'
    int count = 0;

    // Walk the array with a pointer, stopping at the end of the array,
    // and count every character that is not the null terminator.
    for (char *pnPtr = szName; pnPtr < szName + nArraySize; pnPtr++) {
        if (*pnPtr != '\0') {
            count++;
        }
    }

    cout << szName << " has " << count << " alphabets" << endl;
    return 0;
}