Tuesday, September 24, 2013

Modify the switch parameters through the Web browser

Once the switch's IP address information has been set through the Console port and the HTTP service has been enabled, you can access the switch from a Web browser that supports Java, and modify the switch's parameters and manage the switch through the browser. In fact, many important switch parameters can be modified and set through the Web interface, and the running state of the switch can be viewed in real time. Before accessing the switch with a Web browser, confirm that the following preparations have been made:
· TCP/IP is installed on the management computer, and IP address information has been configured on both the computer and the managed switch.
· A Web browser that supports Java is installed on the management computer, such as Internet Explorer version 4 and above, Netscape version 4 and above, or Opera with Java.
· A user account and password with admin authority have been created on the managed switch.
· The Cisco IOS on the managed switch supports the HTTP service, and the service has been enabled. Otherwise, upgrade the Cisco IOS or enable the HTTP service through the Console port.
To configure the switch through a Web browser, proceed as follows:
Step 1: Connect the computer to an ordinary port of the switch and run the Web browser on the computer. Type the IP address of the managed switch (such as 61.159.62.182), or the name assigned to it, in the browser's "address" field. Press the Enter key; a dialog box pops up, as shown below.
Step 2: In the "username" and "password" boxes, type a user name and password with management authority. The user name and password must have been set in advance through the Console port.
Step 3: Click the "set" button to establish a connection with the managed switch; the switch management interface is then displayed in the Web browser. The following illustration shows the configuration interface displayed in the Web browser after a connection to a Cisco Catalyst 1900 is established. The first thing you see is a prompt for a user ID and password; enter the switch's super user account and password configured earlier to enter the system.

Next, following the prompts in the Web interface, you can check the switch's parameters and running state step by step, and make any necessary changes to some of the switch's parameters.

Monday, September 23, 2013

What to do if you forget the router password and account?

1 Router port scanning.
For the sake of router security, network administrators usually change the router's default management port (80), so the first step in cracking the router password is to find the router's Web management port.
If the router's UPnP function (Universal Plug and Play, a general term for a group of protocols) is turned on (routers usually have UPnP turned on by default), the router opens port 1900.
Taking a TP-Link router as an example, simply open http://192.168.1.1:1900/igd.xml and you will see the router's address http://192.168.1.1:8080; 8080 is the router's Web login port.
If UPnP has been turned off by the administrator, the only option is to scan with a scanning tool. Open X-Scan and enter the IP address 192.168.1.1.
Select "open service" in the scanning modules, enter the port range 1 - 65350 under "port settings" in "plugin settings", confirm, and then click scan. X-Scan scans quickly and will soon find the router's port.
2 Brute force attack on router password.
To crack the router password, I introduce a more powerful piece of router software, WebCrack4.0. Open WebCrack4.0; in the interface, select the user name dictionary file in the "user name files" column, and select the password file on the "dictionary, using the user name" tab. Enter the router's Web management address http://192.168.1.1:8080 in URL and fill in admin as the user name; that is, start with the user name admin, after which only brute force remains.
Tools used for brute force: 1: WebCrack4 2: superdic. Brute force of course needs a password dictionary; you can also configure your own dictionary, writing in all the passwords that might be used, or use tool 2 above to generate a password dictionary, and then begin cracking.
If the router password cannot be cracked, you have to think of other ways. Use UPnP in Bit Elves to see whether anything can be mapped out. Cracking a router password over the Internet is probably unlikely, unless someone is too lazy to have changed even the router's default management password. If you can get into the network neighborhood, you can connect with VPN.
More: http://haiong.eklablog.com/


The difference between a Layer 4 switch and other switches

The difference
Layer 2 switching achieves rapid exchange of information between hosts in a LAN; Layer 3 switching can be said to be the perfect combination of switching and routing technology; and Layer 4 switching technology can provide optimal allocation of network resources and achieve application quality of service, load balancing and security control. Layer 4 switching does not replace the others; in fact, Layer 2 and Layer 3 switching have been integrated into Layer 4 switching technology.
A Layer 2 switch completes end-to-end data exchange according to Layer 2 (data link layer) MAC addresses and its MAC address table. A Layer 2 switch only identifies the MAC address in a data frame and forwards directly according to the MAC address, which is very easy to implement with an ASIC chip.
The Layer 2 switch solution is an "exchange everywhere" scheme. Although the scheme can divide subnets, limit broadcasts and establish VLANs, its control ability is small and it lacks flexibility; it cannot control traffic and lacks a routing function.
A Layer 3 switch completes end-to-end data exchange according to Layer 3 (network layer) IP addresses, and is mainly used for routing between different VLAN subnets. The first packet of a source-to-destination flow goes through Layer 3 switching (routing), and the switch produces a mapping table of MAC addresses and IP addresses.
The table is stored, and when subsequent packets of the same flow enter the switch, the switch uses the address mapping table produced and saved the first time to forward them at Layer 2 directly from the source address to the destination address, without passing through the Layer 3 routing system again. This improves the efficiency of packet forwarding and solves the bottleneck of traditional routers when transmitting information between VLAN subnets.
A Layer 4 switch can not only complete end-to-end exchange, but can also allow or restrict traffic based on the application characteristics of the host port. Simply put, a Layer 4 switch exchanges packets based on the transport layer; it is a new type of LAN switch that meets the needs of user applications running over TCP/IP at the application layer.
Layer 4 switches support all protocols at Layer 4 and below, including TCP/UDP, and can distinguish the application type of a packet according to the TCP/UDP port number, so as to realize application-level access control and guaranteed quality of service. They can also examine the source and destination addresses in the Layer 3 packet header.
Taking appropriate action based on the observed information, such as bandwidth allocation, fault diagnosis and access control of TCP/IP application data streams, is the key function. A Layer 4 switch optimizes the network through task distribution and load balancing, and provides detailed statistics and accounting information, so as to solve network congestion, network management and network security problems at the application level, making the network intelligent and manageable.
Layer 4 switching technology
Layer 4 of the OSI network reference model is the transport layer. The transport layer is responsible for end-to-end communication, that is, coordinating communication between the source and target systems on the network. In the IP protocol stack, this is the layer where TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) reside.
TCP and UDP headers contain port numbers, which uniquely distinguish which application protocol (such as HTTP, FTP, telnet etc.) each packet carries. The TCP/UDP port number provides additional information that network switches can use; a Layer 4 switch uses this information to distinguish the data in packets, which is the foundation of Layer 4 switching.
The main functions of a Layer 4 switch are as follows:
1 Packet filtering: traditional routers use Layer 4 port numbers to define access control list filtering rules. Layer 4 switching also borrows the concept of control lists, but unlike a software-based router, it is implemented in dedicated high-speed ASIC chips, so filtering is performed at line speed.
2 Quality of service: TCP/UDP Layer 4 information can also be used to establish priorities for application traffic. Layer 4 switching allows priorities to be assigned based on port (application) and priority queues to be set, ensuring that important traffic (such as VoIP and video) is handled fastest and that urgent applications on the network receive a high level of service.
3 Load balancing: the principle of Layer 4 load balancing is to switch virtual connections according to IP address and TCP port, sending packets directly to the corresponding port of the destination computer. A switch with Layer 4 switching capability can be used as a hardware load balancer to balance load across servers.
Layer 4 switching is based on hardware chips, so its performance is excellent, especially in network transmission speed, and switching is much faster than ordinary packet forwarding. With a Layer 4 switch, all hosts in the cluster connect to the Internet through the Layer 4 switch; external clients calling a server are dynamically assigned a server by the Layer 4 switch, which realizes dynamic load balancing. When a server fails, the switch dynamically distributes all traffic to the other hosts in the cluster.
4 Host standby connection: provides redundant connections for host equipment through standby connection ports, thus effectively protecting the system if a switch fails. This service allows you to define the main switch in the same way as a virtual server definition; the switches have the same configuration parameters.
The Layer 4 switches share the same MAC address, and the backup switch receives all the same data as the main unit. This allows the backup switch to monitor the traffic served by the main switch. The main switch continuously informs the backup switch of the relevant Layer 4 data, MAC data and its power status. If the main switch fails, the backup switch automatically takes over without interrupting sessions or connections.
5 Statistics and reports: by inspecting Layer 4 packets, Layer 4 switches can provide more detailed statistics records. The administrator can collect more detailed information about which IP addresses are communicating, and even collect information about which application-layer service the communication belongs to.
When a server supports multiple services, these statistics are especially effective for investigating the load of each application on the server. The statistics service is also very useful for connections that use the switch's server load balancing service. With detailed real-time reports and recorded reports, comprehensive reporting gives the administrator a full grasp of bandwidth resources, so that enterprises can make better business decisions.
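Functions 1 to 3 above (filtering, priority and load balancing driven by the TCP/UDP port number), sketched in software as an added example that is not part of the original article. The ACL entries, queue names and server addresses are constructed for illustration; a real Layer 4 switch makes these decisions in ASIC hardware.

```python
import socket
import struct
import zlib

# Constructed policy tables (assumptions for this example, not from the article).
ACL = [("deny", 6, 23), ("permit", 6, 80), ("permit", 17, 5060)]  # (action, IP proto, dst port)
QOS = {5060: "high", 80: "normal"}                  # dst port -> priority queue
SERVERS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]   # real servers behind one virtual service

def make_packet(proto, src, sport, dst, dport, frag_off=0):
    """Build a constructed IPv4 header followed by the 4 port bytes of TCP/UDP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag_off, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HH", sport, dport)

def parse_l4(pkt):
    """Return (proto, src, sport, dst, dport), or None if no Layer 4 ports are readable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4             # IP options move the start of the L4 header
    if ihl < 20 or len(pkt) < ihl + 4:
        return None
    proto = pkt[9]
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto not in (6, 17) or frag_off:  # only TCP/UDP; later fragments carry no ports
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport

def decide(pkt, alive=SERVERS):
    """Return (action, queue, server) for one packet."""
    flow = parse_l4(pkt)
    if flow is None or not alive:
        return ("drop", None, None)
    proto, src, sport, dst, dport = flow
    # 1. Filtering: first matching ACL entry wins, anything unmatched is denied.
    action = next((a for a, p, d in ACL if p == proto and d == dport), "deny")
    if action == "deny":
        return ("drop", None, None)
    # 2. Quality of service: queue chosen from the destination port.
    queue = QOS.get(dport, "low")
    # 3. Load balancing: hash the flow so every packet of a connection reaches the
    #    same server; a failed server is simply absent from `alive`.
    key = f"{proto}|{src}|{sport}|{dst}|{dport}".encode()
    return ("forward", queue, alive[zlib.crc32(key) % len(alive)])

if __name__ == "__main__":
    for p in (make_packet(6, "192.0.2.7", 40000, "198.51.100.1", 80),
              make_packet(17, "192.0.2.8", 5060, "198.51.100.1", 5060),
              make_packet(6, "192.0.2.9", 40001, "198.51.100.1", 23)):
        print(parse_l4(p), "->", decide(p))
```

Packets without readable ports (non-first fragments, other protocols) are dropped here because a port-based rule cannot be evaluated for them.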
Layer 4 switches are commonly known in the industry as "Application Switches". The better-known ones include the following: the BIG-IP 2400 series application switch from F5 of the United States, which offers customizable load balancing, traffic prioritization, and policy-based traffic steering and switching by source, destination and application.

Radware's Web Server Director application switch can ensure the full availability, optimized operation and comprehensive security of server farms, so that applications across the network and data center achieve high reliability and performance. The ServerIronGT-C2404F application switch from Foundry of the United States can provide global server load balancing, high-performance VPN/firewall load balancing, transparent cache switching, link load balancing, and server protection against DoS attacks.
More information, please view: http://www.huanetwork.com

Thursday, September 19, 2013

Two ways to improve the WAN security architecture

IT professionals are under sustained pressure to improve the WAN security architecture. They need to support staff and enhance their efficiency while defending against increasingly complex threats, without significantly increasing cost.
Why do you need to change the WAN security architecture?
Several trends are forcing enterprises to adjust their WAN security architecture in a timely and thorough way. The first is the change in where and how staff work. Branch offices have fewer employees, and with the advent of new collaboration tools and mobile applications, employees can more easily work remotely. In addition, about 70% of enterprises use a BYOD procurement model to some extent, forcing security personnel to consider security from the point of view of protecting and managing enterprise data rather than from the point of view of devices.
Secondly, more and more enterprises use cloud computing solutions; about 1/4 to 1/3 of enterprise services use infrastructure as a service (IaaS) or platform as a service (PaaS) cloud solutions. This shifts network traffic from internal circulation (from the user to the enterprise data center) to external transmission (from the user to the cloud). Therefore, many enterprises are replacing their backhauled branch network architecture with a direct-to-Internet branch network.
The result? IT professionals need to consider other ways to provide a common security policy across the WAN.
Option one: combine WAN optimization with existing security
One potential alternative is to combine WAN optimization with branch security. This requires enterprises to re-examine the traditional method of connecting branch sites to the Internet. The conventional method combines MPLS services or branch backhaul (to secure site-to-site connections) with a WAN optimization controller at each branch. Security, meanwhile, is handled in the data center by the enterprise gateway, which provides firewall, network intrusion prevention, anti-virus and anti-spam (AV/AS), VPN, content filtering, data leak prevention (DLP) and other functions.
The advantage of this method is that it provides consistent security to all sites, and IT remains firmly in control of policy changes. The shortcoming is cost. IT needs to pay for security equipment for all branches and the data center (plus annual software maintenance costs), as well as the internal operating costs (labor) of managing and maintaining this equipment. Finally, enterprises also pay twice for the transmission and service cost of Internet and cloud computing traffic: once for the backhaul over the WAN, and once for transmission over the Internet.
The solution is to start using direct networking. In this framework, the enterprise integrates functions into a single branch device, combining WAN optimization with the traditional security functions (above) as Unified Threat Management (UTM). Traffic is routed to its final destination by the most direct path: Internet traffic goes to the cloud, and data center traffic returns over the private WAN. Vendors such as Blue Coat, Cisco, Juniper and Riverbed provide such equipment.
Option two: WAN optimization and security as a service
But these methods still require internal IT professionals to manage enterprise equipment, with all the related headaches. A more long-term solution is WAN optimization and security as a cloud service. Although many operators offer separate WAN optimization as a service and security services, they have failed to provide a comprehensive solution. Moreover, operators are still reluctant to allow customers to modify configuration in the network, which means that when moving to these services, IT professionals lose a certain degree of response speed and control.

However, integrated WAN security cloud services are booming. Nemertes Research forecasts that such cloud services will be widely used within 24 to 36 months. In the meantime, IT professionals should consider using WAN optimization and security services at branches to ensure that their architecture can stand the test of time.
More information about switch and router, please view: http://jkemma990.wordpress.com/

Wednesday, September 18, 2013

How to reduce radio interference to Huawei router

1, Detection
(1) For wireless interference detection, we can scan with the APs that provide access service, or use a network composed of dedicated equipment. Handheld RF equipment gives precise positioning and is generally suitable for small networks or small areas; large networks generally need a dedicated network deployed for monitoring.
(2) Wireless interference detection continually monitors signals in the air. When the energy of a signal in the air exceeds a certain value, an FFT is applied, and the output is passed to the wireless receiver and various recognizers. The former judges whether the signal is wireless interference and further analyzes MAC information; the latter determine the type of non-wireless interference source.
2, Reduction
Wireless interference reduction techniques further improve the whole network in details such as 802.11 message transmission and coordination across the wireless network, in order to reduce mutual interference; they also have a very good effect on improving the performance of the wireless network.
(1) Packet power control
The goal of packet power control, like RRM's dynamic adjustment of AP power, is to reduce co-channel interference between APs. When sending each message, an H3C AP adjusts the transmit power of the current message according to the RF state of the Client. Packet power control minimizes the range affected by the signal transmission while still ensuring the coverage of the AP.
(2) Message sending rate
The sending rate of each packet is calculated dynamically, and the rate adjustment algorithm differs according to the environment. In a high-density environment, message sending failures are generally caused by message collisions; sending messages at a very low rate only makes each transmission occupy the air for longer and enlarges its range of influence, making collisions more likely. Other APs then further reduce their sending rates as well, which leaves the whole network in a low-performance state.
(3) Load balancing
This load balancing technology differs from simple load balancing: the wireless controller judges according to the position of the Client, and starts balancing only for a Client in the overlap region of two APs, letting the Client access the lightly loaded AP. Intelligent load balancing can reduce the load of a single AP, thereby reducing the collision percentage for every Client under the AP.
Detection and localization of wireless interference can now be centrally monitored and managed, and network management personnel can generally complete it easily. In the future, with the development of wireless transmission systems and other hardware technology, there will be more ways to overcome wireless interference, and users will get a better wireless experience.

port based on Hybrid

mac-vlan mac-address xxxx-xxxx-xxxx vlan XX (configure the VLAN and priority corresponding to the MAC address)
In interface view: port link-type hybrid
port hybrid vlan XX XX untagged (allow the specified VLANs to pass through the Hybrid port)
mac-vlan enable (enable the MAC VLAN function on the port)
The basic configuration of GVRP
[Switch] gvrp (enable the global GVRP function)
[Switch-Ethernet1/1] gvrp (enable GVRP on the port)
The global GVRP function must be enabled first before GVRP can be enabled on a port (which must be a trunk port).
Configure the GVRP timer
[Switch] garp timer leaveall (default 1000 seconds)

[Switch-Ethernet1/1] gvrp timer {hold 10 | join 20 | leave 60 seconds}