Wednesday, August 19, 2015

Cisco - DMVPN Explained + GNS3 Lab

DMVPN (dynamic multipoint virtual private network) is a design approach that allows full mesh connectivity with the use of multipoint GRE tunnels. DMVPN itself is not a protocol but rather it is a design approach that consists of the following technologies:

  1. NHRP (next-hop resolution protocol)
  2. mGRE(multipoint GRE)
  3. Routing protocol
  4. IP sec encryption (optional)

Most of these technologies are familiar to networking professionals, except for the NHRP protocol. NHRP is a resolution protocol that behaves like ARP. In an NHRP environment, there are two roles, the NHS (next-hop server) and the NHC (next-hop client). The NHCs register themselves with the NHS and provide information, such as their logical VPN IP addresses and the physical NBMA mapping. The NHCs also request information from the NHS about how to reach the other NHCs by learning the logical IP to NBMA mapping information. NHRP was used before in the legacy overlay VPN environment particularly in building frame-relay SVCs (switched virtual circuits). Today the protocol is used in the DMVPN environment as well using the same behavior.

DMVPN is typically deployed using MPLS and Internet services because DMVPN has the capability to build dynamic tunnels to other spokes or branches without going through the hub site. This makes efficient use of the full mesh topologies mentioned above. If DMVPN is deployed using the Internet, the hub router requires a static public IP address as this will be configured in the NHC routers as the NHS IP address. The spokes don’t require a static public IP address as a tunnel source because they will report their physical IP to logical mappings to the NHS or the hub. In an MPLS environment, using the IP address of the Loopback is an acceptable design. DMVPN provides zero-touch configuration on the hub router if a new spoke is added.

DMVPN has so far three phases of evolution: Phase 1 had only hub-and-spoke, in Phase 2 direct spoke-to-spoke capability for DMVPN was added, and Phase 3 has features that help a hierarchical DMVPN design scale better through the use of NHRP Shortcut and other enhancements. Our lab will focus on more on Phase 2.

In this GNS3 Lab, we will have the following tasks below. Verification will be done for each of the steps.

  1. Configure DMVPN on the hub router R1.
  2. Configure spokes R2, R3 and R4.
  3. Configure EIGRP as the routing protocol and enable spoke-to-spoke tunnels. Add Loopback10 to each of the routers and announce it in EIGRP.
  4. Configure encryption.

Below are the physical and logical diagrams.

clip_image001

Figure 1. Network Topology

clip_image002

Figure 2. DMVPN Topology

 

Task 1: Configure DMVPN on the Hub Router R1

The MPLS router in the GNS3 topology has already been pre-configured to peer with all the routers using BGP. The routers in this topology are already announcing their Loopback0s through BGP. Before proceeding with the configuration, let’s check if we can see the loopback IP addresses of all the routers from R1.

R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 2.2.2.2/32 15.15.15.5 0 65000 65002 i
*> 3.3.3.3/32 15.15.15.5 0 65000 65003 i
*> 4.4.4.4/32 15.15.15.5 0 65000 65004 i


Then we configure Tunnel100 with the DMVPN configuration for hub routers.

R1(config)#int tun100
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip nhrp authentication cisco
R1(config-if)#ip nhrp network-id 100
R1(config-if)#tunnel source Loopback0
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#tunnel key 100


Let’s break down the commands one by one.

  • ip nhrp map multicast dynamic: Normally this is configured in the hub routers to allow NHRP to automatically add routers to the multicast NHRP mappings so a static mapping is not required any more for each of the spokes. This command also enables routing protocols to work over the mGRE.
  • ip nhrp authentication <string>: This is an optional command. All the routers with NHRP within the same DMVPN network must have the same string or password.
  • ip nhrp network-id <number>: This is a required command to start NHRP. All routers in the same NHRP network should have the same network-id. This can also be used along with the “tunnel key” command to segregate different DMVPN networks using the same interface/ IP address as the tunnel source.
  • tunnel source Loopback0: This is the “physical” or real IP address which the tunnel should be sourced from. In the typical GRE configuration, a tunnel destination is required, but in DMVPN the tunnel destination is resolved through NHRP.
  • tunnel mode gre multipoint: Sets the GRE tunnel to behave as a multipoint tunnel.
  • tunnel key <number>” Like “ip nhrp network-id,” this allows separation of DMVPN networks using the same interface/ IP address as the source of the tunnel. This was mandatory in the previous IOS versions but, for the most recent ones, the DMVPN tunnel can come up without this command.

 

Task 2: Configure Spokes R2, R3 and R4

Let’s proceed to configure DMVPN on the spokes and explain each command later. The spokes will have a different command set than that of the hub.

R2(config)#interface Tunnel100
R2(config-if)# ip address 10.1.1.2 255.255.255.0
R2(config-if)# ip nhrp map multicast 1.1.1.1
R2(config-if)# ip nhrp map 10.1.1.1 1.1.1.1
R2(config-if)# ip nhrp nhs 10.1.1.1
R2(config-if)# ip nhrp network-id 100
R2(config-if)# ip nhrp registration timeout 60
R2(config-if)# ip nhrp holdtime 120
R2(config-if)# ip nhrp authentication cisco
R2(config-if)# tunnel source Loopback0
R2(config-if)# tunnel mode gre multipoint
R2(config-if)# tunnel key 100


R3(config)#interface Tunnel100
R3(config-if)# ip address 10.1.1.3 255.255.255.0
R3(config-if)# ip nhrp map multicast 1.1.1.1
R3(config-if)# ip nhrp map 10.1.1.1 1.1.1.1
R3(config-if)# ip nhrp nhs 10.1.1.1
R3(config-if)# ip nhrp network-id 100
R3(config-if)# ip nhrp registration timeout 60
R3(config-if)# ip nhrp holdtime 120
R3(config-if)# ip nhrp authentication cisco
R3(config-if)# tunnel source Loopback0
R3(config-if)# tunnel mode gre multipoint
R3(config-if)# tunnel key 100


R4(config)#interface Tunnel100
R4(config-if)# ip address 10.1.1.4 255.255.255.0
R4(config-if)# ip nhrp map multicast 1.1.1.1
R4(config-if)# ip nhrp map 10.1.1.1 1.1.1.1
R4(config-if)# ip nhrp nhs 10.1.1.1
R4(config-if)# ip nhrp network-id 100
R4(config-if)# ip nhrp registration timeout 60
R4(config-if)# ip nhrp holdtime 120
R4(config-if)# ip nhrp authentication cisco
R4(config-if)# tunnel source Loopback0
R4(config-if)# tunnel mode gre multipoint
R4(config-if)# tunnel key 100

Let’s break down and discuss each of the commands.

  • ip nhrp map multicast <1.1.1.1>: To put it simply, this command adds the NBMA address, in our case the loopback address of R1, to be a recipient of multicast/broadcast traffic coming from this spoke. The source IP address of the hub router’s DMVPN tunnel is configured as well as the other hub IP address if the design should go for multiple hubs.
  • ip nhrp map <10.1.1.1> <1.1.1.1>: To put it simply, this command states that 1.1.1.1 is the NBMA or real IP address of R1’s tunnel IP address of 10.1.1.1.
  • ip nhrp nhs <10.1.1.1>: This basically tells the router that the NHS is 10.1.1.1. This is the tunnel IP address of the hub router R1 in our example. The router will know who to consult to if it wishes to form a spoke-to-spoke tunnel. Multiple NHS configurations can be made if there are multiple hubs in the DMVPN network.

The rest of the NHRP commands are self-explanatory. The network-id and tunnel key in the spokes should match what is configured in the hub router.

 

Task 3: Configure EIGRP as the routing protocol and enable spoke-to-spoke tunnels. Add Loopback10 to each of the routers and announce it in EIGRP.

Let’s enable EIGRP and announce the DMVPN network. Any routing protocol can be used, but EIGRP or OSPF are favorable in most designs. One thing to look out for is that for DMVPN spoke-to-spoke to work and bypass the hub, the next-hop IP address of the route should be unchanged, meaning it should not be the IP address of the hub’s tunnel but should be the corresponding spoke tunnel IP address. In OSPF, changing the interface network type to “broadcast” is the solution. EIGRP requires split-horizon to be disabled and next-hop-self on the hub router.

R1(config-if)#interface Loopback10
R1(config-if)#ip address 11.11.11.11 255.255.255.255
!
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R1(config-router)#network 10.1.1.0 0.0.0.255
R1(config-router)#network 11.11.11.11 0.0.0.0.
!
R1(config-if)#int tun100
R1(config-if)#no ip split-horizon eigrp 100
R1(config-if)#no ip next-hop-self eigrp 100


R2(config)#int lo10
R2(config-if)#ip address 22.22.22.22 255.255.255.255
!
R2(config-if)#router eigrp 100
R2(config-router)#network 10.1.1.0 0.0.0.255
R2(config-router)#network 22.22.22.22 0.0.0.0


R3(config-if)#int l10
R3(config-router)#network 10.1.1.0 0.0.0.255
R3(config-if)#ip address 33.33.33.33 255.255.255.255
!
R3(config-if)#router eigrp 100
R3(config-router)#network 33.33.33.33 0.0.0.0


R4(config-if)#int l10
R4(config-router)#network 10.1.1.0 0.0.0.255
R4(config-if)#ip address 44.44.44.44 255.255.255.255
!
R4(config-if)#router eigrp 100
R4(config-router)#network 44.44.44.44 0.0.0.0

 


Let’s check and verify EIGRP neighbor adjacencies and routes:

R1#sh ip eigrp ne
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 10.1.1.4 Tu100 14 00:03:18 79 474 0 7
1 10.1.1.3 Tu100 12 00:04:42 76 456 0 6
0 10.1.1.2 Tu100 14 00:04:42 66 396 0 5

R1#sh ip route eigrp
33.0.0.0/32 is subnetted, 1 subnets
D 33.33.33.33 [90/14208000] via 10.1.1.3, 00:01:24, Tunnel100
22.0.0.0/32 is subnetted, 1 subnets
D 22.22.22.22 [90/14208000] via 10.1.1.2, 00:02:58, Tunnel100
44.0.0.0/32 is subnetted, 1 subnets
D 44.44.44.44 [90/14208000] via 10.1.1.4, 00:00:44, Tunnel100

Let’s check how many NHRP entries before we ping 44.44.44.44 from R2, using 22.22.22.22 as source. We will only see one static mapping which is going to R1, the NHS.

R2#sh ip nhrp
10.1.1.1/32 via 10.1.1.1, Tunnel100 created 00:12:55, never expire
Type: static, Flags: authoritative used
NBMA address: 1.1.1.1

We will now test if spoke-to-spoke is possible. Let’s trace from R2 to R4. Take note that in some cases the trace will go to R1 for the initial traffic. The succeeding packets will go directly to R4. The reason for this is that. when the initial traffic is sent, R2 is still in the process of getting information about how to reach R4 directly through NHRP.

R2#traceroute 44.44.44.44 source 22.22.22.22
Type escape sequence to abort.
Tracing the route to 44.44.44.44

1 10.1.1.4 36 msec 36 msec 36 msec

R2#sh ip route 44.44.44.44
Routing entry for 44.44.44.44/32
Known via "eigrp 100", distance 90, metric 27008000, type internal
Redistributing via eigrp 100
Last update from 10.1.1.4 on Tunnel100, 00:02:20 ago
Routing Descriptor Blocks:
* 10.1.1.4, from 10.1.1.1, 00:02:20 ago, via Tunnel100
Route metric is 27008000, traffic share count is 1
Total delay is 1005000 microseconds, minimum bandwidth is 2000 Kbit
Reliability 255/255, minimum MTU 1200 bytes
Loading 1/255, Hops 2

R2#sh ip nhrp
10.1.1.1/32 via 10.1.1.1, Tunnel100 created 00:14:45, never expire
Type: static, Flags: authoritative used
NBMA address: 1.1.1.1
10.1.1.4/32 via 10.1.1.4, Tunnel100 created 00:00:04, expire 00:01:14
Type: dynamic, Flags: router used
NBMA address: 4.4.4.4

The traceroute above shows that the path taken was directly to the tunnel IP address of R4. The “show ip nhrp” command showed as well that the R2 built a direct spoke-to-spoke to R4 and traffic did not pass through R1.

 

Task 4: Configure Encryption

A good network design includes a way to secure traffic. This is a must, given that DMVPN is deployed into shared topologies like internet and MPLS. Let’s proceed to configure IP sec encryption. We will begin with configuration of the IP sec policy, SA, and profiles.

On All Routers:

crypto isakmp policy 5
encr aes 256
group 2
authentication pre-share
!
crypto isakmp key 0 cisco address 0.0.0.0 0.0.0.0
!
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
!
crypto ipsec security-association lifetime kilobytes 536870912
crypto ipsec security-association replay disable
!
crypto ipsec transform-set DMVPN esp-aes 256 esp-sha-hmac comp-lzs
crypto ipsec df-bit clear
!
crypto ipsec profile DMVPN
set transform-set DMVPN

Then let’s apply the crypto IP sec profile as tunnel protection mode on the tunnels for each router.

R1(ipsec-profile)#int Tunnel100
R1(config-if)# tunnel protection ipsec profile DMVPN
R1(config-if)#end

R1#
*Mar 1 00:25:45.115: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Mar 1 00:25:45.191: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Mar 1 00:25:45.731: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.
(ip) vrf/dest_addr= /1.1.1.1, src_addr= 2.2.2.2, prot= 47


R2(ipsec-profile)#int Tunnel100
R2(config-if)# tunnel protection ipsec profile DMVPN


R3(ipsec-profile)#int Tunnel100
R3(config-if)# tunnel protection ipsec profile DMVPN


R4(config)#int Tunnel100
R4(config-if)# tunnel protection ipsec profile DMVPN

The network adjacencies will be lost and will only recover until the configurations are complete for each router. Now, let’s verify if traffic is encrypted and network connectivity is still up.

R1#ping 22.22.22.22 source 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/62/76 ms

R1#ping 33.33.33.33 source 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/52/64 ms

R1#ping 44.44.44.44 source 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/80/100 ms

R1#sh crypto isakmp sa
dst src state conn-id slot status
1.1.1.1 3.3.3.3 QM_IDLE 2 0 ACTIVE
1.1.1.1 2.2.2.2 QM_IDLE 1 0 ACTIVE
1.1.1.1 4.4.4.4 QM_IDLE 3 0 ACTIVE

The “QM_IDLE” means that IP sec is working properly. EIGRP adjacencies are restored. Now we have successfully created a secure and encrypted DMVPN network.

References

 

Based On:

Monday, August 3, 2015

Windows - Downgrade From Windows 10 to 7 or 8.1

How to Downgrade from Windows 10 to Windows 7 or 8.1

clip_image001

Windows 10 combines the best of Microsoft’s previous operating systems and combines them into one ultimate package. If you opted in to the free upgrade and have changed your mind after running Windows 10 for a few days, you’ll be pleased to know that it’s easy to roll back.

Don’t worry if you didn’t consider this before you upgraded. Microsoft has made it easy to change back to your previous operating system for a limited period. But there are other options too, meaning if you really don’t like the Windows 10 experience, you’re not stuck with it permanently.

If you’re thinking of rolling back to Windows 7 or 8.1, please drop into the comments section afterwards to let us know why and which method you’ll be using.

 

Back Up Before You Downgrade

You should do this before upgrading to Windows 10. It’s incredibly important that you always back up your system before making any major change. Although some of the processes outlined below should keep your data in tact, nothing is ever definite and it’s not worth taking the risk.

clip_image002

If you have backed up recently and your data hasn’t changed much since, it could just be a case of copying over a few extra files. If you need to do a full backup, check out our guide on the safest ways to backup. I recommend something likeCrashPlan for the future because it’ll take regular backups of your system, which is a practice you should follow anyway.

Also, make sure you’re not backing up to the same drive that the operating system is installed on. This might mean you’ll have to use an external hard drive or online cloud storage, but a backup is not secure if it’s sitting in the same place as your original data.

 

Built-in Downgrade Option

When upgrading from a previous version of Windows to 10, your old operating system files will be stored in a folder called Windows.old. This can be removed to free up space, but its existence means that rollback is easy.

Windows 10 has a built-in feature that allows you to go back to your old operating system. The caveat is that this option is only available for one month after you’ve upgraded. If that time has passed, check out some of the other options available below.

clip_image003

To get started, press Windows Key + I to bring up the Settings menu. ClickUpdate & security and then select Recovery from the left-hand navigation. Here you will see a header called Go back to Windows X (dependent on what version you were on before). Click Get started.

A window will open to ask while you’re going back to an old version. Fill this in and continue to click Next, noting the prompts and information like not unplugging your system during the process. The rollback will then begin, during which you won’t be able to use your system.

clip_image004

You might have to reinstall some programs or alter a couple of settings to get things back to how they were previously, but overall you should find it a quick and easy process.

 

Reinstall Your Previous Windows Version

Another method you could opt for is to do a fresh install of your old operating system. This will wipe everything on your drive, meaning the backup of personal data mentioned earlier is a required step before proceeding with this solution.

If you’ve got the previous Windows version on physical media, like a disc or USB drive, put it into your computer. If you don’t have a physical version then you can create one direct from Microsoft thanks to their Windows 7 Software Recovery andWindows 8.1 Installation Media. We have previously explained in detail how to created bootable Windows installation media.

clip_image005

Then restart your system and look for the message that’ll read something like “press F12 to choose boot device”. The message and key might vary – F10 and Esc are common alternatives. You can tap the key multiple times to make sure it’s registered.

You’ll then see a menu that will list all of the bootable devices to choose from. Use the arrow keys to select the one which corresponds to the media you just put in and then press Enter. Then follow the installation wizard, ensuring to select a custom install if prompted – this means you want to do a completely fresh install. You’ll be asked for your product license key, which can be found on the installation media (if Windows was purchased separately), or usually on a sticker on the device or with the PC’s documentation (if Windows came with the machine).

 

From a Drive Image

This one will only be applicable if you prepared ahead before upgrading to Windows 10. That is, if you have an image of your drive you can just restore that. An image is a complete copy of what’s on a drive, which includes personal data as well as the operating system’s files.

clip_image006

A drive image can be created in Windows 7 and 8.1 using the System Image utility (do a system search to find it), which can then be stored on external media. To restore from this in Windows 10, press Windows Key + I, click Update & security, then select Recovery. Underneath Advanced start-up, click Restart now and follow the prompts to restore from your drive image.

Again, this only works if you did an image of your drive before upgrading to Windows 10. If you didn’t, use one of the other options listed above. It’ll also wipe any data you created since making the drive image, so be sure to back up where necessary.

 

Roll Right Back

Microsoft is hoping everyone will love Windows 10, especially since it’s the last version of Windows, but that might not be the case. Thankfully, it’s easy to downgrade to your preferred version, regardless of whether you planned ahead before upgrading.

Remember, Microsoft’s rollback feature in Windows 10 will only be available for 30 days after you upgraded, so do it sooner rather than later if you want to use the easiest method.

Are you considering rolling back from Windows 10 or have you already? What didn’t you like about Microsoft’s new operating system?~

Taken From: http://www.makeuseof.com/tag/downgrade-windows-10-windows-7-8-1/

Friday, July 31, 2015

Windows - How to Clean Install Windows 10

The Windows 10 upgrade process drags old files, settings, and programs from your previous Windows system to your new one. Microsoft allows you to get an entirely fresh system by performing a clean install, but the activation process can be a bit confusing.

This is also useful if you’ve purchased a new Windows 10 PC and it includes manufacturer-installed bloatware you don’t want. Or, you may need to perform a clean install on a computer without an existing Windows system after installing a new hard drive.

Note that you won’t be eligible for the free “Windows DVD Player” app offered to users of Windows Media Center if you perform a clean install. However, you can always install VLC to get DVD playback or use one of the more fully featured Windows Media Center alternatives.

 

The Easy Alternative: Perform a Reset and Remove Everything

There’s an alternative to clean-installing. You can use the Reset feature to reset your Windows 10 system back to its fresh state.

If you installed Windows 10 yourself, this should give you a fresh Windows system. If you purchased a computer that came with Windows 10, this will likely bring back the bloatware that came with your Windows 10 PC. (There should be a way to prevent Windows 10’s Reset function from reinstalling the bloatware, but we’ll need to get our hands on a PC that comes with Windows 10 before we can find out how.)

Note that this may not be the perfect solution — while it should give you a perfectly like-new Windows system, some people have reported that it won’t fix some system corruption issues, in which case you’d want to perform a real clean install.

To reset your Windows 10 PC, open the Settings app, select Update & security, select Recovery, and click the “Get started” button under Reset this PC. Select “Remove everything.” This will wipe all your files, so be sure you have backups.

clip_image002

 

For the Free Upgrade: Have You Upgraded and Activated Your Windows 10 System?

If you want to perform a clean install of WIndows 10 and haven’t upgraded to Windows 10 yet on your Windows 7 or 8.1 PC, you have some extra work to do. You’ll need to take advantage of Microsoft’s upgrade offer before performing a clean install. (Obviously, if you have a PC that came with Windows 10 or you’ve purchased your own Windows 10 license, this isn’t necessary.)

When you upgrade a Windows 7 or 8.1 system to Windows 10, the installer confirms that you have a “genuine Windows” system installed and activates your computer for use with Windows 10. Note that you don’t actually get a Windows 10 product key — instead, your computer’s hardware is registered with Microsoft’s servers. When you install Windows 10 on that PC again in the future, it will check in with Microsoft’s servers, confirm it’s installed on a registered PC, and automatically activate itself.

If you don’t take advantage of the upgrade process first, this registration will never happen. There’s no way to enter a Windows 7 or 8.1 key into the Windows 10 installer, nor is there some sort of web form that will give you a Windows 10 key if you provide your Windows 7 or 8.1 key. Sorry — you’ll have to upgrade to Windows 10 before you can perform a clean install.

If you need to upgrade, you can download Microsoft’s Windows 10 media creation tool and tell it to “Upgrade this PC now.” It will automatically upgrade you to Windows 10 if your PC is running a genuine version of Windows 7 or Windows 8.1.

clip_image003

Once you’re done, confirm that Windows 10 is activated before performing a clean install. You can check this by opening Settings, selecting Update & Security, and selecting Activation.

Verify that you see “Windows is activated” here. Also, note the edition of Windows 10 you have installed — either Windows 10 Home or Windows 10 Pro. Most people will receive the Home edition as part of the free upgrade, but you’ll get Windows 10 Pro if you previously had a Professional edition of Windows 7 or 8.1 installed.

If Windows 10 isn’t activated, don’t try to perform a clean install until it is.

clip_image004

 

Download Windows 10 and Create Installation Media

Even if your Windows system has already been upgraded with the “Get Windows 10″ reservation process, you’ll need to download Windows installation media to install Windows 10 from scratch.

Download the Windows 10 media creation tool from Microsoft. This tool will download the correct Windows 10 installation files for your system, and it also has built-in functions to create USB installation media or burn an installer DVD. Select the “Create installation media for another PC” option to create installation media.

clip_image005

Be sure to select the correct type of installation media for the copy of Windows 10 that’s licensed for your PC — Windows 10 Home or Professional. You should also choose your language and select whether you want the 32-bit or 64-bit version of Windows here — most people will want the 64-bit version. However, you can create installation media that includes both the 32-bit and 64-bit version, and the installer will automatically select the most appropriate one when you use it to install Windows on a computer.

clip_image006

Install Windows 10 from the installation media like you would any other operating system. Restart your computer with the USB drive or DVD inserted and boot from that device. This may require you change a setting in the BIOS, access a boot menu, or use the “Use a device” option in the advanced startup options on a modern Windows 8 or 10 device that includes UEFI firmware instead of the traditional BIOS.

Select “Install Now” once the Windows installer starts. When you reach a screen asking for your WIndows 10 product key, click the Skip button. You won’t actually have a Windows 10 product key if you took advantage of the free upgrade offer.

If you do have a Windows 10 product key, enter it here.

image

Go through the setup process normally until you see the “Which type of installation do you want?” screen. Select the “Custom” option to ensure you’re performing a clean install and not an upgrade install.

Partition your system drive however you like. If you just have a single WIndows partition, you can tell the installer to overwrite it. If you have many partitions, you could delete them all and tell Windows 10 to install itself in the unallocated space.

image

You’ll be asked for the product key after the process is finished. Just click “Do this later” to skip this part and continue the setup process.

After you log into your new, clean-installed Windows 10 system, it should automaticallyactivate itself after you connect to the Internet. If you took advantage of the free upgrade offer, it does this by checking your computer’s hardware and then checking in with Microsoft, verifying that your hardware configuration is authorized to use Windows 10.

When we reinstalled Windows 10 Pro on our computer, it activated immediately. But, if Microsoft’s activation servers are overloaded, so it may take some time before your system activates. You can open the Settings app, select Update & security, and select Activation to check your activation status. If it’s not activated, you may see information here that can help you activate.

clip_image007

Some people report having to reboot several times, while others have just waited. The following command can force an activation to occur if it’s not happening automatically after going through the steps above. First, open an Administrator Command Prompt by right-clicking the Start button or pressing Windows Key + X and selecting Command Prompt (Admin). Type the following command and press Enter:

slmgr.vbs /ato

Many people report having to run this command several times. if you see an error message, try rebooting and running it again, wait and run it again, or just wait and let Windows activate automatically. Microsoft’s servers may be overloaded at the moment you’re trying to activate.

clip_image008

Microsoft’s free upgrade offer depends on your PC’s hardware so it may not activate properly if you’ve swapped out hardware inside your PC. You may need to call Microsoft and complete the phone activation process, explaining what happened, if you changed the PC’s hardware after taking advantage of the offer. The phone support line can give you an activation code that will allow you to activate Windows 10, even if it won’t activate automatically. However, you may have to provide additional information.

Note that the free Windows 10 upgrade (as well as OEM copies of Windows and pre-installed copies of Windows 10) can’t actually be transferred to a separate PC. They’re tied to a single PC’s hardware.

Taken From: http://www.howtogeek.com/224342/how-to-clean-install-windows-10/

Windows - Create an Image of Your PC

 How to Create an Image of Your PC Before Upgrading to Windows 10

Windows 10 is the biggest and most aggressive Windows rollout to date. Before you take the plunge you need to image your hard drive so, should you wish to return to the familiarity of Windows 7 or Windows 8 you can do so with the click of a button.

Note: This tutorial details how to create a bit-for-bit backup (a disk image) of your current Windows system disk so that you can later restore your computer using that image. If that’s not what you’re looking for and you’d like to actually copy your disk bit-for-bit over to a brand new hard disk (a disk clone) we’d encourage you to check out our detailed tutorial on the matter:How to Upgrade Your Existing Hard Drive in Under an Hour.

Why Do I Want To Do This?

There’s nothing worse than making a major change to your PC and then finding out that change breaks your workflow (like an old app you rely on doesn’t work anymore) or it outright breaks your PC because the leap to a new operating system leaves your hardware in need of new (and as-of-yet unreleased) drivers.

Over the years we’ve covered plenty of ways to use the tools built into Windows to perform snapshots, create backups, and otherwise help you to restore your computer to a prior state if your hardware upgrades or such go awry. When it comes to a change as big as jumping from Windows 7 or Windows 8 to the barely charted waters of Windows 10, however, you don’t want to rely on snapshots and rollback features to help you return to the safety of a prior version of Windows. You want the clear and precise ability to wipe the entire drive clean and restore it, bit for bit, to the exact state it was in before you even started the upgrade process.

In order to do that we need to image the drive. We want a perfect pre-upgrade copy we can call upon to restore the system. This drive image will remain clean and unchanged independently of anything we do to the computer during the upgrade process and thereafter so even if we format the drives, even if we use Windows 10 for six months and decide we really don’t like it, we can turn right back around and use the image we’ve created to turn back the clock and restore our computer to the exact state it was in before the upgrade.

We can’t emphasize enough how important this step is. We’ll complete it using free tools, it doesn’t cost anything (unless you need to purchase an extra drive to store the image on), and it hardly takes any time (especially when you compare it to the hassle of reinstalling your old version of Windows and reconfiguring everything).

What Do I Need?

As we highlighted in the introduction this procedure is free (unless you need an additional internal or external hard drive to house the drive image). To follow along with us today you’ll need the following things:

  • The PC you wish to backup.
  • A copy of Macrium Reflect Free (available for download here).
  • An internal or external hard drive with enough capacity to hold the contents of the drive you wish to image.
  • A USB drive to turn into a restoration drive (minimum size 1GB).

A few points of consideration before we proceed. We aren’t cloning your Windows drive onto a new bootable drive so we don’t need a fresh storage drive or a drive we can wipe. As long as you have the space you can use any drive you have on hand as long as it can hold the drive image. So, for example, if you have a 2TB external drive that you have a few hundred GB of photos backed up on, you can also use it (space permitting) to backup your Windows disk image with no risk to your photos or other data.

Although we advise you to have enough space for the whole drive, in reality the disk likely isn’t full and compression will buy you some wiggle room. On our test laptop, for example, we had a 100GB SSD, 75GB of that was filled up, and the compressed image in the end was only 50GB. Still, act as if you need a 1:1 space ratio and then be happy when you don’t.

Before proceeding gather together the required materials and take a moment to download and install Macrium Reflect Free.

Creating the Rescue Media

Because we are manipulating the system drive we need rescue media in order to properly restore the drive later (as we cannot simultaneously use the system drive and reload the system image). Further, good rescue media can be invaluable for troubleshooting problems down the road.

Thankfully Macrium makes it incredibly simple to create a Windows PE-based rescue media tool that includes Macrium preloaded and even boots right into the restoration tool. It couldn’t be easier and if you do things correctly on the setup and imaging side of things, the restoration side of things is a walk in the park.

clip_image002

Once you’re ready to create your restoration media, launch Macrium Reflect on select Other Tasks -> Create Rescue Media from the file bar, as seen above.

The Rescue Wizard is very helpful and will not only guide you through selecting the best rescue media but will automatically download and install the files from Microsoft on your behalf. The first step in the wizard process is confirming you have the right version of Windows PE. It automatically detects the version of Windows you’re creating the rescue media on. Ideally you want the rescue media to use the version of Windows PE that shares the same base kernel as the backup version.

If you’re backing up a Windows 7 machine before upgrading to Windows 10 that means you want Windows PE 3.1 (which uses the Windows 7 kernel). If you’re upgrading from Windows 8/8.1 to Windows 10 you want Windows PE 5.0 (PE 4.0 is an option but it’s not feature rich compared to PE 5.0 and the special use case for Windows PE 4.0 is very limited and definitely not within the requirements of anything we’re doing in this tutorial). If you need to change your PE version click on the button labeled “Change PE Version” at the bottom of the wizard screen.

Click Next and then confirm the drivers list (by default the media thoughtfully snags needed drivers from the host Windows installation, like USB 3.0 host drivers). Click Next.

clip_image003

Confirm that the “PE Architecture” matches your machine (it should have defaulted to the correct setting). Newer machines (made recently or in the last few years) are almost universally 64 bit. If you’re unsure you can read up on the differences between 64 bit and 32 bit (and how to check what you have) in our article HTG Explains: What’s the Difference Between 32-bit and 64-bit Windows?

Click Next and you’ll be prompted to OK a download from Microsoft (typically around 500MB).

clip_image004

Once the files from Microsoft finish downloading you’ll find yourself in the final step of the Rescue Media Wizard. Select your USB drive carefully; while the recovering media creation process doesn’t format your USB drive it does dump a bunch of files onto the disk and make some minor modifications you’ll just have to turn around and undo.

When the process is complete it’s safe to eject the recovery disk (you won’t need it again until it is time to restore your system at a later date).

Cloning Your Windows Disk

This portion of the tutorial occurs on your PC before installing Windows 10. Again, for emphasis as many readers following this tutorial likely don’t routinely use disk imaging software, this step occurs on your machine before you begin the Windows 10 upgrade.

Now would be a great time to do some last minute housekeeping: delete things you don’t need, run CCleaner to purge old temporary files that don’t need to live on forever in your disk image, uninstall apps you no longer want or need, and so on.

When you’re ready to create a perfect copy of the disk in a tidy pre-Windows 10 state, launch Macrium Reflect. In the left-hand navigation panel of the main window select “Create an image of the partition(s) required to backup and restore Windows” as seen in the screenshot below.

clip_image005

That link will automatically pop up Disk Image dialogue box with only the critical Windows partitions selected, as seen in the screenshot below.

clip_image006

There are a few important things to note here. By default the tool only selects the partitions you need to actually run Windows. In the screenshot above you can see that it selected the system and OS partitions. It did not select the recovery partition or other partitions on the primary disk. If you wish to preserve the recovery partition or other partitions, you can check them and include them in the disk image. If you don’t (we really don’t care if the recovery partition is preserved) leave them unchecked. If you do, check them off.

clip_image007

Next, select where you wish to store the image file. A local non-OS disk or a removable USB drive of suitable size is good. We stored ours on a removable USB 3.0 drive with plenty of space to spare. Click Next and you’ll be prompted to setup a backup plan for the disk. You can ignore all of these options. Macrium Reflect, even in the free version, has a very excellent automated backup system but that’s totally overkill for our needs as we’re making a one off backup. Leave the template “None”, don’t bother setting a schedule, and leave everything unchecked. Hit Next to continue on.

Confirm your settings on the last page (make sure the listed operations match what you selected earlier, like copying the system and Windows disks). Click Finish. In the final screen confirm “Run this backup now” is checked and click OK.

Sit back and relax as Macrium works to create the disk image. Expect to wait at least 30-60 minutes at minimum. When the process is complete you’ll have a perfect copy of your disk ready to pull out and restore the previous version of Windows. Put it in a safe place!

How Do I Restore To The Old Version?

Maybe you love Windows 10 and everything works wonderfully. We certainly never hope that someone is unhappy with an upgrade and despite all the complaints about Windows 8 we (albeit with a Windows 7 skin on things) were happy with the improvements. But not every upgrade is a match made in heaven and you might find that instabilities, non-existent drivers, or other problems hamper your enjoyment of Windows 10.

In such cases you’ll need to rollback with the help of Macrium Reflect and the disk image we just created. First things first, to avoid frustration, reboot your computer and enter the BIOS (it varies from manufacturer to manufacturer, but typically you access the BIOS via F2 or F11 on the keyboard when the computer is first booting).

It’s not enough to have a computer that can boot from USB, you need to check the boot order. More times than we can count we’ve had a boot disk fail because while the computer was more than capable of booting from a USB drive the USB drive option was third in the list after the physical hard disk and CDROM drive. Double check that the USB drive is at the top of the list! (Sometimes you actually need the physical USB drive inserted during the BIOS adjustment process or it won’t be detected or ordered properly). Save the changes and boot into your recovery media.

The recovery media we created in the early portion of the tutorial automatically boots right to the Macrium Reflect recovery software which is more than convenient. Once it boots up look for the Restore and Image Restore tabs as seen in the screenshot below.

If you’ve booted the computer with the hard drive that houses the disk image attached (either internally mounted or with the USB drive attached to the computer) it should automatically detect that the disk image is present and it matches the disk you’re about the restore via that image. If it doesn’t automatically detect don’t worry, you can browse for it.

clip_image008

Click on the entry “Browse for an image file”. Browse for the file and select the .MRIMG file you previously created. After you load the backup image you’ll see additional information about the image file.

clip_image009

Confirm that it is the correct image file (the name matches the one you want, the drive size and partitions match, and so on). Once you’ve confirmed it is the image you want, click the link “Restore Image” as seen in the screenshot above.

clip_image010

You’ll be prompted to select a disk to restore your image to. Click “Select a disk to restore to…”

Select carefully from the available disks. You don’t want to overwrite your secondary data hard drive when your real target is your primary system disk. Once you’ve selected the image, then click “Copy selected partitions” to copy the partitions from the image file back over to your disk.

clip_image011

Note: Sharp-eyed readers will likely have noticed that the disk size and partition distribution between our source disk and our destination disk do not match up in the above image. Because the computer with which we conducted the steps for this tutorial (as we personally test and confirm all steps in all articles we write here at How-To Geek) would not cooperate with our capture tool during the time it was booted into Windows PE we recreated the sequence in a virtual machine expressly to create the screenshots for your reference. Please note that in the particular application we’ve using here (overwriting your existing disk with an old image) the image and the actual hard drive configuration should match up.

With the disk selected (and double checked), click Next. Confirm the Restore Summary and Operation list match what you expect and then click Finish to start the process.

When the restoration process is complete and the conclusion summary is displayed, you’re all done! Click on the shutdown button located in the lower left corner of the restoration user interface, remove the USB restoration drive, and confirm you wish to restart. You’ll boot back into your Windows machine and everything will be good as new and exactly like it was the day you made the image.

When it comes to foolproof restoration you just can’t beat a good disk image. Before you make the leap to Windows 10 take an hour or so and make a clean disk image you can return to should you find the upgrade isn’t all it’s promised to be.

Taken From: http://www.howtogeek.com/223139/how-to-create-an-image-of-your-pc-before-upgrading-to-windows-10/

Wednesday, July 15, 2015

3G / 4G - Signal Quality Verification

Making Sense of Signal Strength/Signal Quality Readings for Cellular Modems

Posted by Stephen Mammen

The first step in any successful cellular modem installation is verifying that the modem has a good connection back to the carrier network.  This is especially helpful in that first "fingers crossed" moment when you are going live with a modem; good signal strength and signal quality makes modem deployment a smoother process.

While some graphical and qualitative ratings are provided by a cell modem's status page (e.g. green status/"Excellent"/"Good", red status/"Poor"/"Weak", etc.), more often one sees a numerical reading in dB or dBm.  What do all these acronyms and negative numbers mean?  This post aims to help with those questions.

Let's begin by defining our main acronyms of interest (along with the cellular technologies they are most useful for in parenthesis).  There are certainly more measurements used in the industry, but let's keep it simple... signal strength and signal quality.

Signal Strength

  • RSSI - Received Signal Strength Indicator (3G, CDMA/UMTS/EV-DO)
  • RSRP - Reference Signal Received Power (4G LTE)

Signal Quality

  • ECIO (Ec/Io) - Energy to Interference Ratio (3G, CDMA/UMTS/EV-DO)
  • RSRQ - Reference Signal Received Quality (4G LTE)
  • SINR - Signal to Interference-plus-Noise Ratio (4G LTE)

It is important to identify what cellular technology you are using when examining these metrics.
For 3G cellular connections, RSSI and EC/IO is what to look at.

clip_image002

clip_image004

For 4G LTE, RSRP, RSRQ, and SINR are the metrics to check.

clip_image006

clip_image008

clip_image010

Regardless of cellular technology, for a given installation to perform to expectations, both signal strength and quality should be optimized in the "Excellent" category.  If you are suffering from poor signal, consider moving the cellular device to a new location and survey the area for interfering RF components.  If simply relocating your device is not practical, it may be necessary to explore a new antenna configuration. As we've covered previously though, exercise caution or consult us on this topic as bigger isn't always better.
This information should be your first line of defense when troubleshooting cellular performance issues.  Give INS a call for all your cellular gateway needs!

Taken From: http://blog.industrialnetworking.com/2014/04/making-sense-of-signal-strengthsignal.html

Tuesday, June 30, 2015

Cisco - NAT Overload on the Loopback (exit with different Public IP)

The Loopback Interfaces are very usefull to troubleshoot, it allows you to do test without using physical interfaces that may or may not be up. You can even shutdown manually / administratively a physical interface and enter it’s IP addresses on a loopback, and do your tests (like anouncing network via a dynamic routing protocol)

You can take the loopback interfaces and take them one step further, and make them part of the solution, and avoid having an extra routers, this is possible because the traffic goes in and out like it was entering and exiting another router.

In this example I will show you how to do NAT Overload to an IP different from the one in the WAN interface, this means that you will exit to the Internet with diferent Public IP from the one in the WAN interface. This is usefull for example when you want your guest wifi users to exit to the Internet with an Public IP that is different from the one the employes use.

Without NAT Overload on the Loopback (NAT Outside) you would have to implement a cenário like this:NO_NAT_LOOPBACK

where you need an extra router (R0) to do the NAT Overload to the Public IP (100.0.0.1). Besides the aditional router you spend four Public IPs in the interconection between R0 and R1.

With NAT Overload on the Loopback interface you only need a cenário like this:NAT_LOOPBACK_PLUS

Below I will show you how to accomplish this in two ways:

  • PBR with Set Next Hop – You also spend four Public IPs like in the cenario with a real router
  • PBR with Set Inteface – You only spend one Public IP (the 100.0.0.1)

we use PBR to force the traffic we want to NAT with a different Public IP through to the Loopback Interface in order to get Nated. You could point the default route to the Loopback Interface, but when the traffic returned it wouldn’t be sent out through the WAN Interface (Fa0/1 on R1), It would be sent again to the Loopback.

 

NAT Overload on the Loopback - PBR with Set Next Hop 

In this cenario we have a /30 Public IP in the Loopback this implies the following network:

  • One IP for the network – 100.0.0.0
  • One IP for R1 Loopback Interface  (NAT Target) – 100.0.0.1
  • One IP for the Next Hop (wich does not exist) - 100.0.0.2
  • Once IP for Broadcast - 100.0.0.2

the IP for the Next Hop (100.0.0.2) at first glance look quite unuseful, but if you look PBR route map we use this IP even though it does not exist, because this forces the traffic to go out the Loopback (100.0.0.1) because it’s directly connected to the netwok (10.0.0.0/30) of the next hop set in the PBR route map.

## PC1 ###########################
hostname PC1

interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
no shutdown

ip route 0.0.0.0 0.0.0.0 10.0.0.254

 
## ISP ###########################
hostname ISP

interface FastEthernet0/1
ip address 200.0.0.2 255.255.255.252
no shutdown
 
ip route 0.0.0.0 0.0.0.0 200.0.0.1

 
## R1 ############################
interface loopback 111
ip address 100.0.0.1 255.255.255.252
ip nat outside
no shutdown
 
interface FastEthernet 0/0
description *** LAN ***
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip policy route-map Nat-Loopback
no shutdown

interface FastEthernet 0/1
description *** WAN ***
ip address 200.0.0.1 255.255.255.252
ip nat outside
no shutdown

access-list 102 remark *** Traffic for NAT Overload on The Loopback ***
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
 
ip nat inside source list 102 interface loopback 111 overload
ip route 0.0.0.0 0.0.0.0 200.0.0.2
 
route-map Nat-Loopback permit 10
match ip address 102
 set ip next-hop 100.0.0.2

 
## TEST ##########################
ISP# debug ip icmp
ISP# terminal monitor


PC1#ping 200.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/160/220 ms
PC1#


ISP#
*Mar  1 00:28:33.051: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.255: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.387: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.551: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.671: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1

 

 

NAT Overload on the Loopback - PBR with Set Interface

In this cenario we have a /32 Public IP in the Loopback this implies the following network:

  • One IP for R1 Loopback Interface  (NAT Target) – 100.0.0.1

this achives the same result but using only one IP, and saving the other three for other usages.

 

In RED you have the changes from the previous cenario (PBR with Set Next Hop )

## PC1 ###########################
hostname PC1

interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
no shutdown

ip route 0.0.0.0 0.0.0.0 10.0.0.254

 
## ISP ###########################
hostname ISP

interface FastEthernet0/1
ip address 200.0.0.2 255.255.255.252
no shutdown
 
ip route 0.0.0.0 0.0.0.0 200.0.0.1

 
## R1 ############################

interface loopback 111
ip address 100.0.0.1 255.255.255.255
ip nat outside
no shutdown
 
interface FastEthernet 0/0
description *** LAN ***
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip policy route-map Nat-Loopback
no shutdown

interface FastEthernet 0/1
description *** WAN ***
ip address 200.0.0.1 255.255.255.252
ip nat outside
no shutdown

access-list 102 remark *** Traffic for NAT Overload on The Loopback ***
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
 
ip nat inside source list 102 interface loopback 111 overload
ip route 0.0.0.0 0.0.0.0 200.0.0.2
 
route-map Nat-Loopback permit 10
match ip address 102
set interface loopback 111
%Warning:Use P2P interface for routemap set
                interface clause

 
## TEST ##########################
ISP# debug ip icmp
ISP# terminal monitor


PC1#ping 200.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/160/220 ms
PC1#


ISP#
*Mar  1 00:28:33.051: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.255: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.387: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.551: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1
*Mar  1 00:28:33.671: ICMP: echo reply sent, src 200.0.0.2, dst 100.0.0.1

Saturday, June 6, 2015

Huawei - Switch: Basic QinQ Tunnel (aka 802.1Q Tunneling)

How to Configure Basic QinQ?

Posted on December 8, 2014

 

Networking Requirements

As shown in the below figure, there are two enterprises on the network, Enterprise 1 and Enterprise 2. Enterprise 1 has two office locations, and Enterprise 2 has 2 office locations. The office locations of the two enterprises access SwitchA and SwitchB of the ISP network. A non-Huawei device with the TPID value 0x9100 exists on the public network.

The requirements are as follows:

  • Enterprise 1 and Enterprise 2 plans their VLANs independently.
  • Traffic of the two branches is transparently transmitted on the public network. Users using the same services in the two branches are allowed to communicate and users using different services are isolated.

You can configure QinQ to meet the preceding requirements. VLAN 100 provided by the public network can be used to implement communication of Enterprise 1 in the two branches and VLAN 200 is used for Enterprise 2. You can set the TPID value in the outer VLAN on the interface that connects the non-Huawei device to implement communication between devices.

Note: This example can be applied to Huawei switches higher level than Quidway S2700 and with EI version.

 

Configuring basic QinQ

configuring-basic-qinq

 

Configuration Roadmap

The configuration roadmap is as follows:

  • Configure VLAN 100 and VLAN 200 on both SwitchA and SwitchB. Set the link type of the interface to QinQ and add the interfaces to VLAN. In this way, different outer VLAN tags are added to different services.
  • Add interfaces connecting to the public network on SwitchA and SwitchB to VLAN 100 and VLAN 200 to permit packets from these VLANs to pass through.
  • Set the TPID values in the outer VLAN tag on interfaces connecting to the public network on SwitchA and SwitchB to implement communication between the device with devices from other vendors.

Procedure

 

Create VLANs.

# Create VLAN 100 and VLAN 200 on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 100 200

# Create VLAN 100 and VLAN 200 on SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan batch 100 200

 

Set the link type of the interface to QinQ.

# Configure GE0/0/1 and GE0/0/2 of SwitchA as QinQ interfaces. Set the VLAN of GE0/0/1 to VLAN 100 and the VLAN of GE0/0/2 to VLAN 200. The configuration of SwitchB is similar to the configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/1] port default vlan 100
[SwitchA-GigabitEthernet0/0/1] quit

[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type dot1q-tunnel
[SwitchA-GigabitEthernet0/0/2] port default vlan 200
[SwitchA-GigabitEthernet0/0/2] quit

Configure the interface connecting to the public network on the switch.

# Add GE0/0/3 of SwitchA to VLAN 100 and VLAN 200. The configuration of SwitchB is similar to the configuration of SwitchA, and the configuration details are not mentioned here.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type trunk
[SwitchA-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[SwitchA-GigabitEthernet0/0/3] quit

Configure the TPID value for an outer VLAN tag

# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchA.
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] qinq protocol 9100

# Set the TPID value of an outer VLAN tag to 0x9100 on SwitchB.
[SwitchB] interface gigabitethernet 0/0/3
[SwitchB-GigabitEthernet0/0/3] qinq protocol 9100

Verify the configuration.

In Enterprise 1, ping a PC of a VLAN in a branch from a PC of the same VLAN in another branch. If the two PCs can ping each other, internal users of Enterprise 1 can communicate.

In Enterprise 2, ping a PC of a VLAN in a branch from a PC of the same VLAN in another branch. If the two PCs can ping each other, internal users of Enterprise 2 can communicate.

Ping a PC in a VLAN of Enterprise 2 in a branch from a PC in the same VLAN of Enterprise 1 in either branch. If the two PCs cannot ping each other, users in Enterprise 1 and Enterprise 2 are isolated.

 

Configuration Files

# Configuration file of SwitchA
sysname SwitchA
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return


#Configuration file of SwitchB
sysname SwitchB
#
vlan batch 100 200
#
interface GigabitEthernet0/0/1
port link-type dot1q-tunnel
port default vlan 100
#
interface GigabitEthernet0/0/2
port link-type dot1q-tunnel
port default vlan 200
#
interface GigabitEthernet0/0/3
qinq protocol 9100
port link-type trunk
port trunk allow-pass vlan 100 200
#
return

The more information about technical support you can consult with our engineer – Bill, and his e-mail address is as below:

bill@huanetwork.com

Taken From: http://www.huanetwork.com/blog/how-to-configure-basic-qinq/