Tuesday, November 18, 2014

Port Security in Cisco Switches

Switch port security restricts the number of mac-addresses that are able to send or receive packets on a port. Any incoming packet from another device is discarded by the switch.

If the maximum number of secure mac-addresses has been reached, a security violation occurs when a device with a different mac address tries to attach to that port.

The command to configure the number of mac-addresses is:

switchport port-security maximum

The maximum number of secure mac-addresses allowed is 132.


Types of secure mac-addresses:

1. Static secure mac-address: Configured manually using the switchport port-security mac-address command. These mac-addresses are stored in the address table and in the running configuration of the switch.

2. Dynamic secure mac-address: These are dynamically learned by the switch and stored in the dynamic mac-address table. They are removed when the switch restarts. The only command required for this type is switchport port-security. The default behaviour is to allow only one mac-address and to shut down the port on a violation.

3. Sticky secure mac-address: Like dynamic secure mac-addresses, they are learned dynamically but are saved in the running configuration. For example, if the maximum is 1, the first hardware to connect to the switch is the secure device; the switch learns its mac-address and saves it to the running configuration. Since the mac-addresses are saved in the running config, they remain intact if the config is saved to startup-config.


Depending on the action you want a switch to take when a security violation occurs, you can configure the behavior of a switch port to one of the following:

Protect – when the maximum number of secure MAC addresses has been reached, packets from devices with unknown source addresses are dropped until you remove the necessary number of secure MAC addresses from the table. In this mode, you are not notified when a security violation occurs.

Restrict – identical to protect mode, but it notifies you when a security violation occurs. Specifically, an SNMP trap is sent, a syslog message is logged and the violation counter increments.

Shutdown – this is the default behavior on a switch. In this mode, the switch port shuts down when the violation occurs. Also, an SNMP trap is sent and the message is logged. You can enable the port again with the no shutdown interface configuration command.


CLI Commands:

For dynamic:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security

For Sticky:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 10
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation restrict

To see all port security configuration for the switch port use this command:

show port-security int fa0/1
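
An added example (not from the original post): a Python check that reads the interface stanzas of a running-config and reports each access port's effective port-security settings, applying the defaults stated above (maximum 1, violation shutdown) and flagging ports with no port security or with the silent protect mode. The sample config and the function names are constructed for illustration.

```python
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/24
 switchport mode trunk
"""  # constructed sample, not taken from a real device

def parse_interfaces(config):
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_port_security(config):
    """Return {interface: effective settings and findings} for access ports."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunk ports are out of scope for this check
        opts = dict(l.split()[2:] for l in lines
                    if l.startswith("switchport port-security ") and len(l.split()) == 4)
        entry = {"enabled": "switchport port-security" in lines,
                 "sticky": "switchport port-security mac-address sticky" in lines,
                 "maximum": int(opts.get("maximum", 1)),  # defaults per the post
                 "violation": opts.get("violation", "shutdown"), "findings": []}
        if not entry["enabled"]:
            entry["findings"].append("port security not enabled")
        elif entry["violation"] == "protect":
            entry["findings"].append("protect mode: violations are not reported")
        report[name] = entry
    return report
```
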

Sunday, November 9, 2014

VTP Basics

VLAN Trunking Protocol (VTP) allows switches to share VLAN information automatically. Thus an administrator only needs to change a VLAN on one switch, and the change is propagated to all switches. However, this does not reduce the need to assign switchports to different VLANs.

A VTP domain can only support 255 vlans. A switch is enabled in server mode by default. VTP advertisements are sent every 5 minutes by default or when there is a change in configuration revision number caused by addition or deletion of vlans.

VTP Modes:

Server Mode - In VTP server mode you can create, modify and delete vlans. VLAN information is synchronized with other VTP servers and clients in the VTP domain. You can have multiple VTP servers in the VTP domain, and VLAN information is synchronized according to the server with the highest configuration revision number. VLAN information is stored in the vlan.dat file in NVRAM/Flash memory.

Client Mode - Switches in VTP client mode receive and synchronize VLAN database information from other VTP servers and VTP clients in the VTP domain. A VTP client can update a VTP server if it has a higher configuration revision number. VLAN information is stored in the "Running-Config" or DRAM. If a switch in client mode is restarted, then all VLAN information, including the VTP revision number on the switch, is lost and must be relearned from the VTP server once the client has restarted.

Transparent Mode - Switches in transparent mode receive updates from other servers and clients but do not participate in the VTP domain; rather, they allow the VTP updates and advertisements to pass through the switch on to other switches in the VTP domain. Transparent mode switches do not synchronize their VLAN information with other VTP servers and clients, but maintain their own separate VLAN configurations.


VTP Configuration Commands:


This command shows the vtp status, such as the vtp version, configuration revision number, number of vlans, etc.

Switch# show vtp status

This configures the vtp domain name. There can be more than one domain in a topology. VTP does not work across domains, i.e. if the client is in a different domain than the server, it does not learn about vlans from the server.

Switch(config)# vtp domain
Changing VTP domain name from NULL to


Switch(config)# vtp mode

To make two switches talk to one another, the ports connecting them should be in trunk mode. Either of the ports can be configured to trunk mode and the other will automatically be in trunk mode, as the ports are in dynamic-auto mode.

Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99

Now go to the other switch and configure vtp client mode using the vtp domain and vtp mode commands.
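
The revision-number rule from the VTP Modes section, as a simplified Python model added here (not from the original post and not Cisco code). It shows why the revision number of a switch is checked before it is connected to a trunk; the Switch class, the function names and the CORP domain are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Switch:
    """Simplified VTP state of one switch (model for illustration only)."""
    name: str
    domain: str
    mode: str                      # "server", "client" or "transparent"
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})

def accepts(receiver, sender):
    """True if receiver would replace its VLAN database with sender's."""
    if "transparent" in (receiver.mode, sender.mode):
        return False               # transparent switches keep their own VLANs
    if receiver.domain != sender.domain:
        return False               # VTP does not work across domains
    return sender.revision > receiver.revision   # highest revision wins

def converge(switches):
    """Exchange advertisements until stable; return names that were overwritten."""
    overwritten, changed = [], True
    while changed:
        changed = False
        for sender in switches:
            for receiver in switches:
                if accepts(receiver, sender):
                    receiver.vlans = set(sender.vlans)
                    receiver.revision = sender.revision
                    overwritten.append(receiver.name)
                    changed = True
    return overwritten

def safe_to_connect(new_switch, existing):
    """Pre-connection check: would the new switch overwrite anyone's VLANs?"""
    return not any(accepts(sw, new_switch) for sw in existing)

def demo():
    # Constructed scenario: a reused lab switch in client mode with a high revision.
    core = Switch("core", "CORP", "server", 12, {1, 10, 20, 30})
    access = Switch("access", "CORP", "client", 12, {1, 10, 20, 30})
    lab = Switch("lab", "CORP", "client", 40, {1})
    verdict = safe_to_connect(lab, [core, access])
    overwritten = converge([core, access, lab])
    return verdict, overwritten, core.vlans
```
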






Saturday, November 8, 2014

How to clear switch for new configuration

1. Connect to the console port and enter privileged EXEC mode.

From your computer terminal connect to the console port of the switch using a console cable. You should see the console prompt that includes the switch's hostname followed by > or #.

If the prompt ends in >, you are in user mode. To enter privileged EXEC mode, type enable.

2. Delete the VLAN database file.

Switch#delete flash:vlan.dat
Delete flash vlan.dat ? [confirm]
Switch#

3. Erase the start-up config from nvram


The startup configuration of a switch can be removed using the erase startup-config command.

Switch# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete
Switch#
Switch# reload

Saturday, November 1, 2014

Pointers and Arrays

Pointers and arrays are intricately linked in the C language.

For example:

int nValue[5]={1,2,3,4,5};

So, when we print

cout << nValue, the output is the address of the first element of nValue.
Therefore, we can say that nValue acts as a pointer to the first element of the array.

Thus, cout << nValue + 1 prints the address of the second element of nValue. (The array name itself cannot be incremented, so nValue++ does not compile.)

Also,

cout << *nValue will print the first element of nValue. This is called dereferencing a pointer.
And cout << *(nValue+1) will print the second element of nValue. Parentheses are used to ensure operator precedence is correct. Operator * has higher precedence than +.


Also look at the following program, which uses the concept explained above.

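#include <iostream>
using namespace std;

int main() {
    const int nArraySize = 7;            // 6 letters plus the terminating '\0'
    char szName[nArraySize] = "Mollie";
    int count = 0;

    // Walk the array with a pointer; stop one past the last element.
    for (char *pnPtr = szName; pnPtr < szName + nArraySize; pnPtr++)
    {
        // Count every character except the null terminator.
        if (*pnPtr != '\0') {
            count++;
        }
    }

    cout << szName << " has " << count << " alphabets" << endl;
    return 0;
}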

Sunday, October 12, 2014

Laptop directly boots into Windows even after installing Ubuntu

On some laptops, mainly HP, the laptop boots directly into Windows without showing any boot menu, even after you install Ubuntu.

To get the boot menu, perform the following steps.

1. Restart your laptop holding down F2 or F10 (depending on the brand) to get the System Setup Utility.

2. In the boot options, choose to boot from USB. Save and exit (press F10) the setup.

3. Keep the USB connected to the laptop, so it will boot into Ubuntu, giving the grub menu for Ubuntu. Select Try Ubuntu (first option).

4. When the desktop appears, open a terminal using the Ctrl + Alt + T keys.

5. In the terminal run the following commands one by one.

sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo sh -c "sed -i 's/trusty/saucy/g' /etc/apt/sources.list.d/yannubuntu-boot-repair-trusty.list"
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair
 
           

Click on the "Recommended repair".

6. You might get a message stating "EFI is detected". This is just an informational message because it is perfectly fine to install Ubuntu with EFI turned on.

7. After you click "OK" on the EFI detected message, the utility performs a few tasks and then asks you to select some text and run it in a terminal window.

8. If you are asked to do this, open a new terminal window using the Ctrl + Alt + T keys. Copy the text from the boot repair window and run the commands one by one. Make sure all the commands have run correctly.

9. Now click on the "Forward" button within the boot repair application. You may be asked to copy and paste more text.
Repeat the process of selecting all the text, pressing Ctrl and C, and then right-clicking in the terminal window and selecting paste.
Make sure the commands run.

Keep following the process until the boot repair finishes.
If you are lucky, at the very end of the process you will see a message stating that boot repair completed without errors.
Reboot your computer. You'll get the boot menu.

Sunday, June 22, 2014

File Operations in C++

The header file which contains the library for file operations is fstream.
Be sure to include it at the top of your program.

C++ provides the following classes to perform output and input of characters to/from files:

ofstream: Stream class to write on files
ifstream: Stream class to read from files
fstream: Stream class to both read and write from/to files.


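#include <cstdio>
#include <fstream>
#include <iostream>
#include <string>
using namespace std;

int main() {
  fstream myfile;
  string data;

  myfile.open("B-large-practice.in");
  if (!myfile.is_open()) {              // opening fails if the file is missing
    cerr << "cannot open input file" << endl;
    return 1;
  }

  getline(myfile, data);                // first line of the file
  cout << data << endl;

  // Read the remaining lines; the loop ends at end of file or on a read error.
  while (getline(myfile, data)) {
    int no_of_cases = data.length();    // length of the current line
    cout << no_of_cases << endl;
  }

  myfile.close();

  getchar();                            // wait for a key press before exiting
  return 0;
}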

Thursday, May 29, 2014

Background color not appearing in div element

A floating element doesn't affect the size of the parent, unless the parent specifically contains the children using the overflow style.

Your outer div has the same background colors as the child divs, but the height of the parent is zero, so you don't see its background.

div { background: #ccc; overflow: hidden; }