Thursday, May 23, 2019

Ruckus R510 Resetting steps and configuration


Ruckus R510 Setup:
Our requirement is to enable Gateway mode on the Ruckus access point.
1. After resetting the box, you will see a green light on it.
2. Once you see the green light, assign an IP address to your laptop (192.168.0.10).
3. The default IP address of the Ruckus box is 192.168.0.1.
4. Type the IP address 192.168.0.1 into the browser; the setup wizard will appear.

Enable Gateway mode as shown below:



Monday, May 13, 2019

Aruba HP 5400r Core switch LACP configuration steps for server connected ports



LACP configuration steps for server-connected ports that are in untagged mode:


Untagged to VLAN:
-Aruba-5400R-core(config)# interface c4,c5
-Aruba-5400R-core(eth-C4-C5)# untagged vlan 20
-Aruba-5400R-core(eth-C4-C5)# exit

LACP Configuration:
-Aruba-5400R-core# configure t
-Aruba-5400R-core(config)# interface c4,c5 lacp active

Trunking (EtherChannel port):
-Aruba-5400R-core(config)# trunk ethernet c4,c5 trk2 lacp

Untagging the trunk:
-Aruba-5400R-core(config)# interface trk2
-Aruba-5400R-core(eth-Trk2)# untagged vlan 20

LACP Checking steps:

Sh lacp
          LACP      Trunk     Port                LACP      Admin   Oper
   Port    Enabled   Group     Status    Partner   Status    Key     Key
   -----   -------   -------   -------   -------   -------   ------  ------
   C2      Active    Trk1      Up        No        Success   0       962
   C3      Active    Trk1      Down      No        Success   0       962
   C4      Active    Trk2      Down      No        Success   0       963
   C5      Active    Trk2      Up        Yes       Success   0       963
   C6      Active    Trk3      Down      No        Success   0       964
   C7      Active    Trk3      Down      No        Success   0       964
-Aruba-5400R-core(config)# sh lacp peer

LACP Peer Information.


System ID: 8030e0-462500


  Local  Local                          Port      Oper    LACP     Tx
  Port   Trunk  System ID         Port  Priority  Key     Mode     Timer
  ------ ------ ----------------- ----- --------- ------- -------- -----
  C2     Trk1   000000-000000     66    0         0       Passive  Slow
  C3     Trk1   000000-000000     67    0         0       Passive  Fast
  C4     Trk2   000000-000000     4     128       48879   Active   Slow
  C5     Trk2   98be94-760892     6     128       48879   Active   Slow
  C6     Trk3   98be94-760962     2     128       48879   Active   Slow
  C7     Trk3   98be94-760962     5     128       48879   Active   Slow
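
An added example, not part of the original post: a Python check that parses the `sh lacp` table shown above and reports, per trunk, which member ports have actually negotiated LACP. Treating "Up with a partner detected" as negotiated is this example's assumption, and the state names are made up for illustration.

```python
import re

# Constructed sample: the "sh lacp" table from the post above, embedded inline.
SHOW_LACP = """\
          LACP      Trunk     Port                LACP      Admin   Oper
   Port    Enabled   Group     Status    Partner   Status    Key     Key
   -----   -------   -------   -------   -------   -------   ------  ------
   C2      Active    Trk1      Up        No        Success   0       962
   C3      Active    Trk1      Down      No        Success   0       962
   C4      Active    Trk2      Down      No        Success   0       963
   C5      Active    Trk2      Up        Yes       Success   0       963
   C6      Active    Trk3      Down      No        Success   0       964
   C7      Active    Trk3      Down      No        Success   0       964
"""

# One data row: port, LACP mode, trunk group, port status, LACP partner seen.
ROW = re.compile(r"^\s*([A-Z]\d+)\s+(\S+)\s+(Trk\d+)\s+(Up|Down)\s+(Yes|No)\s")

def parse_show_lacp(text):
    """Return one dict per port row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, mode, trunk, status, partner = m.groups()
            rows.append({"port": port, "mode": mode, "trunk": trunk,
                         "up": status == "Up", "partner": partner == "Yes"})
    return rows

def trunk_health(rows):
    """Map trunk -> (state, negotiated ports, ports needing attention).

    Assumption of this example: a member counts as negotiated only when the
    link is Up and an LACP partner was detected on it.
    """
    by_trunk = {}
    for r in rows:
        by_trunk.setdefault(r["trunk"], []).append(r)
    report = {}
    for trunk, members in sorted(by_trunk.items()):
        good = [m["port"] for m in members if m["up"] and m["partner"]]
        bad = [m["port"] for m in members if m["port"] not in good]
        state = "ok" if not bad else ("degraded" if good else "not-negotiated")
        report[trunk] = (state, good, bad)
    return report

if __name__ == "__main__":
    for trunk, (state, good, bad) in trunk_health(parse_show_lacp(SHOW_LACP)).items():
        print(f"{trunk}: {state:15} negotiated={good} check={bad}")
```

On the output above, only C5 in Trk2 has negotiated, which matches the `sh lacp peer` table where C4 still shows a partner System ID of 000000-000000.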


Wednesday, May 8, 2019

ASA Firewall configuration with Firepower module


Cisco ASA firewalls:

1. Enable password configuration:

enable password cisco

username cisco password cisco

2. SSH configuration:


aaa authentication ssh console LOCAL

crypto key generate rsa modulus 1024

ssh 10.10.10.0 255.255.255.0 management


3. Copying asdm file into ASA firewall:

copy tftp flash

remote host: laptop ip
file name: asdm-647.bin
destination: press Enter

!!!!!...!!!!

Once you have uploaded the firmware, check the following:

ASA1# dir
ASA1(config)# boot system disk0:/asa952-lfbff-k8.SPA
ASA1(config)# asdm image disk0:/asdm-752.bin

Once the above steps are done, run the command below before booting the appliance:

ASA1# show bootvar


(config)# asdm image flash:/asdm-647.bin

4. After uploading ASDM, enable the HTTP server:

(config)# http server enable
http 10.10.10.0 255.255.255.0 management

Step 1: Configure ASA interfaces and assign appropriate security levels
interface GigabitEthernet1/1
  description to WAN
  nameif outside
  security-level 0
  ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet1/2
  description to LAN
  nameif inside
  security-level 100
  ip address 192.168.0.1 255.255.255.0
 

Step 2: Configure ASA as an Internet gateway, enable Internet access (PAT)

nat (inside,outside) after-auto source dynamic any interface
nat (dmz1,outside) after-auto source dynamic any interface

Add a default route on the appliance:

route outside 0.0.0.0 0.0.0.0 10.1.1.2

ICMP return traffic:

The commands below allow ICMP return traffic to pass through the ASA when the ping is initiated from inside hosts.

policy-map global_policy
class inspection_default
inspect icmp

Step 3: Configure static NAT to web servers, grant Internet inbound access to web servers

! External IP
object network WWW-EXT
  host 10.1.1.10
!
! Internal IP
object network WWW-INT
  host 192.168.1.10
!
nat (dmz1,outside) source static WWW-INT WWW-EXT

 

 

ACL for the static NAT (WAN>LAN):

access-list OUTSIDE extended permit tcp any object WWW-INT eq www

! Optional:
access-list OUTSIDE extended permit icmp any4 any4 echo
access-group OUTSIDE in interface outside

Step 4: Configure DHCP service on the ASA

dhcpd address 192.168.0.5-192.168.0.250 inside
dhcpd dns 9.9.9.9 4.2.2.2
! Lease time in seconds
dhcpd lease 3600
dhcpd ping_timeout 50
! Enable DHCP on the inside interface
dhcpd enable inside
dhcprelay timeout 60
 

Enable SSH access for admin:

ASA1(config)# hostname ASA1
ASA1(config)# crypto key generate rsa modulus 1024
ssh 12.2.1.0 255.255.255.0 outside
ssh 192.168.0.0 255.255.0.0 inside
ssh timeout 30
ssh version 2
aaa authentication ssh console LOCAL
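
An added example, not part of the original post: a Python pre-check for the management-plane commands used in the steps above, run over a command list before it is pasted into the ASA. The thresholds, the list of trivial secrets and the treatment of `outside` as the untrusted interface are assumptions of this example; a saved running-config stores passwords hashed, so the password check only applies to a typed command list like this one.

```python
import ipaddress
import re

# Constructed sample: management-plane lines as typed in the steps of this post.
PLAN = """\
enable password cisco
username cisco password cisco
crypto key generate rsa modulus 1024
ssh 10.10.10.0 255.255.255.0 management
ssh 12.2.1.0 255.255.255.0 outside
ssh 192.168.0.0 255.255.0.0 inside
ssh timeout 30
http 192.168.1.0 255.255.255.0 management
"""

# Policy values below are assumptions of this example, not Cisco defaults.
MIN_RSA_BITS = 2048                       # smallest RSA modulus accepted
TRIVIAL = {"cisco", "admin", "password"}  # secrets rejected outright
UNTRUSTED_IFS = {"outside"}               # nameif values facing the Internet
MAX_MGMT_ADDRS = 256                      # widest management source (a /24)

PW = re.compile(r"(?:enable|username (\S+)) password (\S+)", re.I)
RSA = re.compile(r"crypto key generate rsa\b.*\bmodulus (\d+)", re.I)
MGMT = re.compile(r"(ssh|http|telnet) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\S+)$", re.I)

def audit(plan):
    """Return (line_no, code, line) for each command that breaks the policy."""
    findings = []
    for n, raw in enumerate(plan.splitlines(), 1):
        line = raw.strip()
        if (m := PW.match(line)):
            user, secret = m.group(1), m.group(2)
            if secret.lower() in TRIVIAL or secret == user:
                findings.append((n, "trivial-password", line))
        elif (m := RSA.match(line)):
            if int(m.group(1)) < MIN_RSA_BITS:
                findings.append((n, "weak-rsa-key", line))
        elif (m := MGMT.match(line)):
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            if m.group(4).lower() in UNTRUSTED_IFS:
                findings.append((n, "mgmt-on-untrusted-if", line))
            if net.num_addresses > MAX_MGMT_ADDRS:
                findings.append((n, "wide-mgmt-source", line))
    return findings

if __name__ == "__main__":
    for n, code, line in audit(PLAN):
        print(f"line {n}: {code:22} {line}")
```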
 
DNS server:
asa(config)#dns domain-lookup outside
asa(config)#dns name-server 4.2.2.2
 

Step 7: Configure time and enable logging

ASA1# clock set 12:05:00 Jan 22 2016
ASA1(config)# clock timezone EST -5
ASA1(config)# clock summer-time EST recurring
ASA1(config)# logging enable
ASA1(config)# logging timestamp
ASA1(config)# logging buffer-size 512000
ASA1(config)# logging buffered debugging

Cisco ASA 5506-X FirePOWER Configuration Example Part 2

Step 2: Verifying FirePOWER module status

ASA1# sho module
 
Mod Card Type                                  Model             Serial No.
---- -------------------------------------------- ------------------ -----------
ASA 5506-X with FirePOWER services, 8GE, AC, ASA5506           JAD19280XXX
sfr FirePOWER Services Software Module          ASA5506           JAD19280XXX
Mod MAC Address Range                 Hw Version   Fw Version   Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 5897.bd27.58d6 to 5897.bd27.58df 1.0         1.1.1       9.5(2)
sfr 5897.bd27.58d5 to 5897.bd27.58d5 N/A         N/A         5.4.1-211
Mod SSM Application Name           Status           SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER                 Up               5.4.1-211
Mod Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
1 Up Sys             Not Applicable
sfr Up                 Up

 

 

Step 3: Physical cabling

Step 4: Initial configuration of FirePOWER module:

On console CLI interface, enter the FirePOWER module using session command:

ASA1# session sfr
Default username / password: admin / Sourcefire
The first time you access the FirePOWER module, you are prompted for basic configuration parameters.
System initialization in progress. Please stand by.
You must change the password for 'admin' to continue.
Enter new password:
Confirm new password:
You must configure the network to continue.
You must configure at least one of IPv4 or IPv6.
Do you want to configure IPv4? (y/n) [y]:
Do you want to configure IPv6? (y/n) [n]:
Configure IPv4 via DHCP or manually? (dhcp/manual) [manual]:
Enter an IPv4 address for the management interface [192.168.45.45]: 192.168.1.2
Enter an IPv4 netmask for the management interface [255.255.255.0]:
Enter the IPv4 default gateway for the management interface []: 192.168.1.1
Enter a fully qualified hostname for this system [Sourcefire3D]:
Enter a comma-separated list of DNS servers or 'none' []:
Enter a comma-separated list of DNS servers or 'none' []:
Enter a comma-separated list of DNS servers or 'none' []: 4.2.2.2
Enter a comma-separated list of search domains or 'none' [example.net]:
If your networking information has changed, you will need to reconnect.
For HTTP Proxy configuration, run 'configure network http-proxy'
Applying 'Default Allow All Traffic' access control policy.

 

 

Configure and Manage ASA FirePOWER Module using ASDM Part 3

Configure and Manage ASA FirePOWER Module using ASDM:

Step 1: Enable HTTP service on the ASA:
By default, HTTP service is not enabled on the ASA. You first need to enable HTTP service and specify the network and interface from which access is allowed.
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management

Step 2: Open a web browser and go to the management IP of the ASA



Cisco ASA Firmware Upgrade steps


Cisco ASA firewall firmware upgrade:
Example:
ASA-5512# copy tftp: disk0:

Address or name of remote host []? 172.16.31.1
Source filename []? asa916-smp-k8.bin
Destination filename [asa916-smp-k8.bin]?
Accessing tftp://172.16.31.1/asa916-smp-k8.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/asa916-smp-k8.bin...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
38043648 bytes copied in 32.290 secs (1188864 bytes/sec)

ASA-5512# sh disk0
--#--  --length--  -----date/time------  path
  191  38191104    Nov 21 2014 21:07:48  asa912-smp-k8.bin
  192  17906032    Apr 08 2015 22:33:44  asdm-713.bin
  193  26350916    Apr 09 2015 06:28:20  asdm-741.bin
  194  38043648    May 10 2015 02:14:06  asa916-smp-k8.bin

4118732800 bytes total (3556712448 bytes free)


!--- Command to set "asa916-smp-k8.bin" as the boot image.

ASA-5512(config)# boot system disk0:/asa916-smp-k8.bin

!--- Command to set "asdm-741.bin" as the ASDM image.

ASA-5512(config)# asdm image disk0:/asdm-741.bin
ASA-5512# write memory
ASA-5512# reload
