Saturday, 25 June 2016

Enabling MD5-Challenge in WINDOWS


EAP-MD5 (EAP type 4, the MD5-Challenge method of RFC 3748) was dropped from the Windows 802.1X supplicant (Windows Vista and later) because of its inherent lack of security: the user name travels in the clear in the EAP Identity exchange, the method gives no mutual authentication (the client cannot tell a rogue switch from the real one), it derives no keying material (so it cannot be used for WPA/WPA2 Enterprise wireless), and the MD5 challenge/response can be attacked offline with a dictionary by anyone who captures the exchange on the wire. The code path still exists in RASCHAP.dll, however, and the method can be turned back on for lab and interoperability testing with the steps below. Keep it off production networks.

To re-enable EAP-MD5 support, add a subkey named 4 (the EAP type number) with the values listed below under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP


Steps to Enable MD5-Challenge on WINDOWS
---------------------------------------------------------
  •   Go to Run, type regedit, and navigate to:
  •   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP
  •   Create a new key named 4 under EAP.
  •   Inside it, create the following 5 values:
       Value name: RolesSupported
       Value type: REG_DWORD
       Value data: 0000000a

       Value name: FriendlyName
       Value type: REG_SZ
       Value data: MD5-Challenge

       Value name: Path
       Value type: REG_EXPAND_SZ
       Value data: %SystemRoot%\System32\Raschap.dll

       Value name: InvokeUsernameDialog
       Value type: REG_DWORD
       Value data: 00000001

       Value name: InvokePasswordDialog
       Value type: REG_DWORD
       Value data: 00000001
  •   After creating the entries, go to Run and type services.msc.
  •   In the Services console look for Wired AutoConfig (dot3svc) and WLAN AutoConfig (WlanSvc).
  •   Start the service, or restart it if it is already running, so that it re-reads the list of EAP methods.
  •   Open the properties of a LAN adapter; an Authentication tab is now present (it is only shown while Wired AutoConfig is running).
  •   Enable IEEE 802.1X authentication on that adapter and select MD5-Challenge as the network authentication method.
  •   Once dot1x is enabled on the corresponding switch/router port, Windows shows a pop-up asking for user name and password; supply them to authenticate the port.


Note: If using a VM, open the VM with console access; methods such as RDP did not work for me.
           I have verified this working with Windows 7 and Windows Server 2008.



Typical use case: when testing WebAuth combined with dot1x and MAC-Auth, the dot1x part has to be
                              performed from Windows so that, after successful authentication (or no
                              authentication), WebAuth can be performed by opening a web browser.

Note: This is pretty handy if your RADIUS server does not support PEAP and EAP-MD5-Challenge
          has to be used. Simple dot1x/MAC-Auth tests can be performed with Spirent,
          but for combining WebAuth with MAC-Auth and dot1x this proves very useful.
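To make the "inherent lack of security" concrete, here is an added Python model of the MD5-Challenge exchange (EAP type 4, RFC 3748 section 5.4, which reuses the CHAP computation of RFC 1994). It is example code written for this page, not code from the post or from Windows/raschap.dll; the challenge, user name, password and word list are constructed. It builds the Request the authenticator sends, the Response the supplicant returns, verifies it the way the RADIUS server does, and then recovers the password from the captured pair with an offline dictionary search, which is why the method belongs in the lab only.

```python
import hashlib
import hmac
import struct

# EAP codes and the MD5-Challenge type number (RFC 3748 section 5.4).
# Type 4 is the "4" subkey created under RasMan\PPP\EAP above.
EAP_REQUEST = 1
EAP_RESPONSE = 2
EAP_TYPE_MD5_CHALLENGE = 4


def eap_packet(code: int, identifier: int, eap_type: int, type_data: bytes) -> bytes:
    """EAP header: Code(1) | Identifier(1) | Length(2) | Type(1) | Type-Data."""
    length = 5 + len(type_data)          # Length covers the whole packet
    return struct.pack("!BBHB", code, identifier, length, eap_type) + type_data


def parse_md5_challenge(pkt: bytes):
    """Split an EAP MD5-Challenge Request or Response into (code, id, value, name)."""
    code, identifier, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length != len(pkt) or eap_type != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("not a well-formed EAP MD5-Challenge packet")
    value_size = pkt[5]
    value = pkt[6:6 + value_size]         # challenge (Request) or MD5 digest (Response)
    name = pkt[6 + value_size:]           # server or user name, sent in the clear
    return code, identifier, value, name


def md5_response_value(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5, reused by EAP-MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def build_request(identifier: int, challenge: bytes, server_name: bytes = b"") -> bytes:
    """Authenticator -> supplicant: EAP-Request/MD5-Challenge."""
    type_data = bytes([len(challenge)]) + challenge + server_name
    return eap_packet(EAP_REQUEST, identifier, EAP_TYPE_MD5_CHALLENGE, type_data)


def build_response(request: bytes, user_name: bytes, password: bytes) -> bytes:
    """Supplicant (the part raschap.dll plays) -> authenticator: EAP-Response/MD5-Challenge."""
    _, identifier, challenge, _ = parse_md5_challenge(request)
    value = md5_response_value(identifier, password, challenge)
    type_data = bytes([len(value)]) + value + user_name
    return eap_packet(EAP_RESPONSE, identifier, EAP_TYPE_MD5_CHALLENGE, type_data)


def server_verify(request: bytes, response: bytes, password: bytes) -> bool:
    """RADIUS server side: recompute the expected digest from the stored password."""
    _, req_id, challenge, _ = parse_md5_challenge(request)
    _, resp_id, value, _ = parse_md5_challenge(response)
    expected = md5_response_value(req_id, password, challenge)
    return req_id == resp_id and hmac.compare_digest(expected, value)


def offline_dictionary_attack(request: bytes, response: bytes, wordlist):
    """Passive attacker on the wired segment: every hash input except the password
    is on the wire, so each candidate costs one MD5 and no further network traffic.
    Returns the matching candidate, or None."""
    _, identifier, challenge, _ = parse_md5_challenge(request)
    _, _, value, _ = parse_md5_challenge(response)
    for candidate in wordlist:
        if md5_response_value(identifier, candidate, challenge) == value:
            return candidate
    return None


# Constructed sample exchange (not captured from a real network).
CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
USER, PASSWORD = b"lab-user", b"Summer2016"
REQUEST = build_request(identifier=7, challenge=CHALLENGE, server_name=b"lab-radius")
RESPONSE = build_response(REQUEST, USER, PASSWORD)
WORDLIST = [b"password", b"Welcome1", b"Summer2016", b"Winter2016"]   # constructed

if __name__ == "__main__":
    print("server accepts response:", server_verify(REQUEST, RESPONSE, PASSWORD))
    print("identity visible on the wire:", parse_md5_challenge(RESPONSE)[3].decode())
    print("password recovered offline:", offline_dictionary_attack(REQUEST, RESPONSE, WORDLIST))
```

Nothing in the exchange is secret except the password, and the supplicant never learns whether the challenge came from the real RADIUS server, so a rogue switch that sends its own challenge gets a crackable response as well.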


Saturday, 18 June 2016

TCL List & Basic List Programs

TCL List.
=======
-->Lists are ordered collections of elements.
-->Tcl commands are themselves lists: the first element of the list is the command name and the remaining elements are its arguments.
-->Each element can be delimited with "" or {}.
-->Lists can be created in several ways:
 
     -->By setting a variable to a literal list of values
          set list {{item 1} {item 2} {item 3}}
     -->Using the split command
          set list [split "item 1.item 2.item 3" "."]
     -->Using the list command
          set list [list "item 1" "item 2" "item 3"]

All three produce the same list: {item 1} {item 2} {item 3}


List Commands: Syntax and Examples:
####################

lindex 
======= 

Syntax: lindex list index
Returns the element at position index in the list. The first element is at index 0.
     Example:
     --------
     set list {one two three}
     lindex $list 0
   
     Output:- one

lrange
======

Syntax: lrange list first last
Returns one or more adjacent elements from a list (first and last may be numbers or end, end-1, ...).
       Example:
       --------
       Selecting the first two elements:
       lrange {a b c d e} 0 1
     
       Output:- a b
   
       Selecting the last three elements:
       lrange {a b c d e} end-2 end
   
       Output:- c d e

llength
=====

Syntax : llength list
Returns the number of elements in a list
     Example:
     --------
     llength {a b c d e}
   
     Output:- 5

lsearch
=====

Syntax : lsearch list pattern
Searches list for an element that matches pattern (glob-style by default) and returns the index of the first match, or -1 if there is no match.
     Example:
     -------
     set list [list {Washington 1789} {Adams 1797} {Jefferson 1801} \
                 {Madison 1809} {Monroe 1817} {Adams 1825} ]

     set x [lsearch $list Washington*]
     set y [lsearch $list Monroe*]
   
     Output: Value of x is 0
             Value of y is 4
   


Foreach
======

Syntax : foreach var list body
It executes the body code one time for each item in the list.
   
    Example:
    -------
    set tList {one two three}
      foreach a $tList {
         puts $a
      }
     Output:
     one
     two
     three



Linsert
=====

Syntax : linsert list index element ...
Returns a new list with the given elements inserted just before the element at position index in the list.
     Example:
     -------
     set a [list a b {c d e} f {g h}]
     set b [linsert $a 3 "1 2 3"]
     Output:
     Value of b is : a b {c d e} {1 2 3} f {g h}

Lappend
=======

Syntax : lappend varName arg1 arg2 ...
Appends the args to the list stored in the variable varName, treating each arg as a single list element. Note that lappend takes the variable name, not its value, and modifies the variable in place.
        Example:
        -------
set a [list a b {c d e} f {g h}]
lappend a "1 2 3"
        Output:
Value of a is : a b {c d e} f {g h} {1 2 3}



Lsort
=====

Syntax : lsort list
Sorts the list and returns a new list in sorted order (the original is unchanged).

   Examples
   ---------
   set yourlist {test2 test3 test1}
   puts [lsort $yourlist]
   Output:
   test1 test2 test3

   Note: the default sort is a plain string (ASCII) comparison, so it gives the wrong order as soon as a numeric suffix has more than one digit:

   set yourlist {test2 test3 test1 test11}
   puts [lsort $yourlist]
   output:
   test1 test11 test2 test3

   The lsort command with the -dictionary option compares embedded numbers numerically and does the work for us.
   set lis {test1 test10 test20 test15 test3}
   puts [lsort -dictionary $lis]
   Output:
   test1 test3 test10 test15 test20


Lreplace
========
Syntax : lreplace list first last arg1 arg2 ...
Returns a new list in which the elements from index first through last are removed and the args (if any) are inserted in their place.

        Example:
        -------
set a [list a b c {1 2 3} d e f {g h} {ij K lm}]
set b [lreplace $a 3 5 "AA" "BB"]
        Output:
After replacing the 3 elements at positions 3-5 with 2 values:
a b c AA BB f {g h} {ij K lm}



Tcl Programes Demonstrating List Commands Usage.

########################################

1. TCL program to reverse a list.

Solution1:
==========
 set my_list "5 7 66 2 1"
 set len [llength $my_list]
 for {set i $len} {$i > 0} {incr i -1} {
  set m [lindex $my_list [expr {$i - 1}]]
  puts -nonewline "$m "
 }

 Output: 1 2 66 7 5

  Solution2 (Tcl 8.5 and later):
  ==========
 set lst {1 2 3 30 -1 a b}
 puts [lreverse $lst]

 Output: b a -1 30 3 2 1



2. TCL Program to remove duplicate entries from a given list.


 Solution1:
 =========
 set my_list "1 2 3 4 5 6 7 8 11 17 33 3 4 8"
 set new_list   [lsort -unique $my_list]
 puts $new_list

 Output:
 ======
 1 11 17 2 3 33 4 5 6 7 8


3. Tcl program to increment each element in a list

   set my_list "1 2 3"
   foreach li $my_list {
    puts [incr li]
   }
 
   Output:
   2
   3
   4


4. TCL program to find the number of elements in a list without using llength

  set list "1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"
  set i 0
  foreach mem $list {
   incr i
  }
  puts $i

  Output:
  -------
  15


5. TCL program to reverse a string

   set string "manishbidsar"
   set rev [string reverse $string]
   puts $rev

   Output:
   rasdibhsinam




6.TCL program to convert a list into string.


   set string ""
   set list {a b c d e f}
   for {set i 0} {$i<[llength $list]} {incr i} {
      append string [lindex $list $i]
   }
   puts $string

   Output:
   abcdef



7.Difference between lappend and concat in TCL.


  set list1 {1 2 3}
  puts $list1
  set list2 {a b c}
  puts $list2
  set new [lappend list1 $list2]
  puts $new
  set lengthlist [llength $new]
  puts $lengthlist

  Output:
  1 2 3
  a b c
  1 2 3 {a b c}
  4

  set list1 {1 2 3}
  puts $list1
  set list2 {a b c}
  puts $list2
  set b [concat $list1 $list2]
  puts $b
  set concatlength [llength $b]
  puts $concatlength

  #output
  1 2 3
  a b c
  1 2 3 a b c
  6

  Note: length of output of lappend is 4 whereas for output of concat is 6



8. Difference between {} and "" in TCL
   { } defers substitution of variables, commands and backslash sequences until the enclosed code is actually evaluated, whereas " " performs the substitutions immediately, when the enclosing command is parsed.

   set i 0
   while {$i < 10} {code to execute}

   is not the same as

   set i 0
   while "$i < 10" "code to execute"

   In the second form $i is substituted once, before while runs, so the condition becomes the constant string "0 < 10", which always evaluates as true and the loop never ends.

Sunday, 12 June 2016

TCl Basic Programs

Basic TCL Programs:
==================

1. TCL program to find whether a given numeric value is positive or negative

    set a -10
    if {$a < 0} {
       puts "$a Is a Negative Number"
    } elseif {$a == 0} {
       puts "$a Is Zero"
    } else {
       puts "$a Is a Positive Number"
    }


2.TCL Program to find maximum of 3 given numbers.


set a 100
set b 200
set c 150
if {$a > $b && $a > $c} {
    puts "a is bigger and value is $a"
} elseif {$b > $a && $b > $c} {
    puts "b is bigger and value is $b"
} else {
    puts "c is bigger and value is $c"
}

Output:
b is bigger and value is 200


3. TCL program to find number of vowels in a string using string commands


set str "abcde"
set c 0
set l [string length $str]
puts " Length Of The String = $l"
for {set j 0} {$j < $l} {incr j} {
    set b [string index $str $j]
    # || is logical or; a single | is bitwise or and only works here by accident
    if {$b == "a" || $b == "e" || $b == "i" || $b == "o" || $b == "u"} {incr c}
}
puts " The Number Of vowels Are =$c"

Output:
 Length Of The String = 5
 The Number Of vowels Are =2


4.TCL program to find out whether the string given by user is palindrome.


set a madam
set len [string length $a]
set n [expr {$len / 2}]
for {set i 0} {$i < $n} {incr i 1} {
    set b [string index $a $i]
    set c [expr {$len - 1 - $i}]
    set d [string index $a $c]
    if {$b != $d} {
        puts "$a is not a Palindrome"
        exit
    }
}
puts "$a is a Palindrome"


5. Write a program that computes the sum of the numbers

   set num 100
   set sum 0
   for {set i 1} {$i<=$num} {incr i} {
   set sum [expr $sum + $i]
    }
   puts "The Sum of number $num is $sum"


6. Write a tcl program to convert decimal to binary


set num 1000
set i $num
set as ""
while {$i > 0} {
    # prepend the lowest bit, then shift right by dividing by 2
    set as [expr {$i % 2}]$as
    set i [expr {$i / 2}]
}
if {$as == ""} {
    set as 0
}
puts "Binary of decimal number $num is: $as"

Output:
Binary of decimal number 1000 is: 1111101000


7 .Write a tcl program to convert hexadecimal to decimal.


set num 589
set x [expr 0x$num]
puts "Decimal format = $x"

Output:
Decimal format = 1417


8.TCL program to swap two numbers .
x = x+y
y = x-y
x = x-y


set a 50
set b 60
set a [expr $a + $b]
set b [expr $a - $b]
puts "b = $b"
set a [expr $a - $b]
puts "a = $a"


9.TCL program to multiply two numbers without using multiplication operator.


set a 5; set b 10; set s 0
for {set i 1} {$i <= $b} {incr i} {
set s [expr $a + $s]
}
puts $s

10. TCL program to get name as input from user. Reverse the name [Using for loop] and print character by character [Using while loop].If you find a space or digit while printing, exit the program at that instance.

#! /usr/bin/tclsh
# input from user
puts "enter a name....."
gets stdin a
set len [string length $a]

# reverse the name with a for loop (indices len-1 down to 0)
set b ""
for {set i [expr {$len - 1}]} {$i >= 0} {incr i -1} {
    append b [string index $a $i]
}
puts "$b ...."

# print the reversed name character by character with a while loop,
# stopping at the first space or digit
set i 0
while {$i < $len} {
    set x [string index $b $i]
    if {$x == " " || [string is digit $x]} {
        puts "--->exit due to digit or space"
        break
    }
    puts -nonewline $x
    incr i
}
puts ""



11. TCL program to  find out the square root of given input


 
set num 256
if {$num < 0} {
    puts "Number Entered: $num is a -ve number"
} elseif {$num == 0 || $num == 1} {
    puts "Square root of $num: is $num"
} else {
    # subtract successive odd numbers 1, 3, 5, ...; a perfect square n reaches 0
    # after exactly sqrt(n) subtractions (for other n this yields the integer square root)
    set i 1
    set s_root 0
    while {$num > 0} {
        set num [expr {$num - $i}]
        incr i 2
        if {$num >= 0} {
            incr s_root
        }
    }
    puts "Square Root is: $s_root"
}

Output:
Square Root is: 16


12. TCL program to prints the sum of two squares.

set num1 5; set num2 9;
set num1_1 [expr $num1*$num1]
set num2_2 [expr $num2*$num2]
puts "The Sum is:"
set result [expr $num1_1+$num2_2]
puts $result



13.TCL program to reverse a string.


set a manish
set b [string length $a]
puts $b
for {set i [expr {$b - 1}]} {$i >= 0} {incr i -1} {
    puts -nonewline [string index $a $i]
}
puts ""

Output:
6
hsinam


14. TCl Program to print fabonacci series.

set f1 0
set f2 1
set fibo ""
for {set i 0} {$i < 15} {incr i} {
    set f3 [expr {$f1 + $f2}]
    set f1 $f2
    set f2 $f3
    append fibo "$f1,"
}
puts "Fibonacci Series is $fibo"


15.TCl program to print Factorial of a number:

set fact 1
for {set i 0} {$i <= 10} {incr i} {
    puts "$i! = $fact"
    set fact [expr {$fact * ($i + 1)}]
}

16.How to verify whether system installed with 32 bit or 64 bit TCL library

% parray tcl_platform
tcl_platform(byteOrder) = littleEndian
tcl_platform(machine)   = i686
tcl_platform(os)        = Linux
tcl_platform(osVersion) = 2.6.32-220.el6.i686
tcl_platform(platform)  = unix
tcl_platform(tip,268)   = 1
tcl_platform(tip,280)   = 1
tcl_platform(user)      = manish
tcl_platform(wordSize)  = 4
%

If ->tcl_platform(wordSize) = 4 -> It is a 32 bit TCL.
If ->tcl_platform(wordSize) = 8 -> It is a 64 bit TCL.

Friday, 10 June 2016

VLAN

What is VLAN? How many Types of VLAN?


VLAN:

                VLAN stands for virtual local area network. VLANs are implemented in switches and operate at layer 2 (switches normally operate at layer 2; some switches also route at layer 3).

                A virtual LAN, or VLAN, is a group of hosts that communicate as if they were attached to the same broadcast domain, regardless of their physical location.

                VLANs create separate broadcast domains:
    1 VLAN = 1 separate BROADCAST domain.

VLAN Header (called the 802.1Q header)

                In an Ethernet frame, an EtherType of 0x8100 indicates that a VLAN header follows. The VLAN header (tag) is 4 bytes: a 2-byte TPID (0x8100) and 2 bytes of Tag Control Information (3-bit priority, 1-bit DEI, 12-bit VLAN ID); the original EtherType of the payload follows the tag.

https://learningnetwork.cisco.com/servlet/JiveServlet/showImage/2-208610-88824/figure-13-ieee-8021q-vlan1.png 

The default VLAN ID is 1. The VLAN ID field is 12 bits, so 2^12 = 4096 values exist, but 0 and 4095 are reserved, leaving 4094 configurable VLANs (1 to 4094).

Tagged Packets vs Untagged Packets

Many people are confused by tagged and untagged packets. The explanation below should clear it up.

A tagged packet carries VLAN information, i.e. the frame contains the 802.1Q VLAN header. Tagged frames are exchanged between switches, or between a switch and a router.

Tagged packets are generally carried on TRUNK links (see the Trunk explanation below).

An untagged packet carries no VLAN information (no VLAN header); this is what a PC and a switch exchange.

Untagged packets are generally carried on ACCESS links (see the Access explanation below).

Access Link (Access Mode)

Access links are between a PC and a switch. The PC sends untagged frames to the switch port it is connected to.
The switch port is configured with one VLAN ID, so the switch tags the frame with that VLAN ID when it forwards it over a trunk link toward the destination (and strips the tag again before sending the frame out of an access port).

All packets entering or exiting the port are standard Ethernet II frames, which the network device connected to the port understands.

There is nothing special about these packets other than the fact that they belong only to the VLAN the port is configured for. If, for example, we configured the port shown above for VLAN 1, then any packets entering/exiting this port would be for that VLAN only.

In addition, if we decided to use a logical network such as 192.168.0.0 with a subnet mask of 255.255.255.0 (/24), then all network devices connecting to ports assigned to VLAN 1 must be configured with an address in that network so they can communicate with the other hosts in the same VLAN.

[Figure: Dot1Q trunking]


[Figure: Dot1Q port tagging]

Trunk Mode ( Trunk Link)

What we have seen so far is a switch port configured to carry only one VLAN, that is, an access link port. There is, however, one more type of port configuration, mentioned in the introductory section on this page: the trunk link.

A trunk link, or 'trunk', is a port configured to carry frames for many VLANs, each identified by its 802.1Q tag. These ports are usually found on connections between switches, because VLANs span multiple switches and the inter-switch link must carry traffic from all of them.

The diagram below shows multiple switches connected throughout a network, with the trunk links marked in purple to help you identify them:


[Figure: Dot1Q packet tags]




What is Native VLAN:

The native VLAN is the VLAN whose frames are carried untagged over a trunk link. By default VLAN 1 is the native VLAN of the switch, which means frames of VLAN 1 leaving a trunk port are untagged.

The native VLAN should be the same on both ends of a trunk; with a mismatch, untagged frames land in a different VLAN on each side. Any frame arriving on a trunk without a VLAN tag is assigned to the native VLAN by default: on a link between two switches all traffic for other VLANs must be tagged, and untagged traffic is taken to belong to the native VLAN.

When you start configuring additional VLANs on the switch, such as VLAN 2, VLAN 3 and so on, and want traffic of different VLANs to be carried over ONE physical link or port, "VLAN tagging" comes into play. All frames which do not belong to the native VLAN (VLAN 1) and leave the switch via an 802.1Q trunk port are tagged, i.e. they carry a "VLAN tag".

On a trunk port you can also CHANGE the native VLAN for THAT port.
So the native VLAN of the switch as a whole stays VLAN 1, but on, for example, port FastEthernet 0/2 you can configure a trunk and make VLAN 2 the native VLAN on THAT port:


interface FastEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 2

That means frames belonging to VLAN 2 leave this trunk port (FastEthernet0/2) WITHOUT a VLAN tag.
Frames belonging to VLAN 1 leaving the same trunk port MUST then be tagged, since only ONE native VLAN can be configured per port; otherwise the uplink switch could not tell the VLANs apart. The uplink switch can only distinguish frames that have NO VLAN tag (native VLAN) from frames that HAVE a VLAN tag carrying a VLAN ID.

If we connect a PC to a trunk port, the PC will be able to read the Ethernet frames coming out of the trunk port, but only those belonging to the native VLAN, because they carry no VLAN tag; a PC network card normally cannot deal with tagged frames.
The native VLAN is therefore needed whenever we want to connect devices that cannot handle 802.1Q to a trunk port.
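The 802.1Q header described earlier and the trunk/native-VLAN rules from this section, in an added Python example (not part of the original post): it inserts and parses the 4-byte tag, classifies untagged frames into the port's native VLAN, treats VID 0 (a priority-only tag) as untagged, rejects the reserved VID 4095, and applies the egress rule that native-VLAN frames leave a trunk untagged while every other VLAN is tagged. The MAC addresses and payload are constructed.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100      # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
MAX_VID = 4094           # 12-bit field: 0 and 4095 are reserved


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame; when vid is given a 4-byte 802.1Q tag is inserted
    between the source MAC and the EtherType, which is what a switch does
    when it forwards an access-port frame onto a trunk."""
    if vid is not None and not 1 <= vid <= MAX_VID:
        raise ValueError(f"VID {vid} outside the usable range 1..{MAX_VID}")
    hdr = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a frame arriving on a trunk port: tagged frames belong to the
    VID in the tag, untagged frames are assigned to the port's native VLAN."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst, "src": src}
    if ethertype != TPID_8021Q:
        info.update(tagged=False, vlan=native_vlan, pcp=0,
                    ethertype=ethertype, payload=frame[14:])
        return info
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved")
    # VID 0 is a "priority tag": PCP is carried but no VLAN, so the frame is
    # classified like an untagged one and lands in the native VLAN.
    info.update(tagged=True, vid=vid, vlan=vid or native_vlan, pcp=tci >> 13,
                dei=(tci >> 12) & 1, ethertype=inner_type, payload=frame[18:])
    return info


def trunk_egress(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                 vlan: int, native_vlan: int = 1) -> bytes:
    """Trunk-port egress rule from the text: frames in the native VLAN leave
    untagged, frames in every other VLAN leave with a tag."""
    if vlan == native_vlan:
        return build_frame(dst, src, ethertype, payload)
    return build_frame(dst, src, ethertype, payload, vid=vlan)


# Constructed sample frames (not captured from a real network).
PC = mac("00:11:22:33:44:55")
GW = mac("aa:bb:cc:dd:ee:ff")
PAYLOAD = bytes(46)                                                # dummy payload
UNTAGGED = build_frame(GW, PC, ETHERTYPE_IPV4, PAYLOAD)            # PC -> access port
TAGGED_V20 = build_frame(GW, PC, ETHERTYPE_IPV4, PAYLOAD, vid=20, pcp=5)  # on a trunk

if __name__ == "__main__":
    for name, f in (("untagged", UNTAGGED), ("tagged", TAGGED_V20)):
        p = parse_frame(f, native_vlan=1)
        print(f"{name}: {len(f)} bytes, VLAN {p['vlan']}, ethertype 0x{p['ethertype']:04x}")
    # Trunk with "switchport trunk native vlan 2": VLAN 2 leaves untagged, VLAN 1 tagged.
    print(parse_frame(trunk_egress(GW, PC, ETHERTYPE_ARP, PAYLOAD, vlan=2, native_vlan=2))["tagged"])
    print(parse_frame(trunk_egress(GW, PC, ETHERTYPE_ARP, PAYLOAD, vlan=1, native_vlan=2))["tagged"])
```

Running it against the two constructed frames shows the 4-byte difference in length (14- versus 18-byte header) and that the same untagged frame is placed in whatever native VLAN the receiving trunk port is configured with, which is exactly why a native VLAN mismatch between two switches silently moves traffic between VLANs.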

Types of VLAN:

Virtual LANs fall into the following categories:
  1. Port-based VLAN: each physical switch port is configured with an access list specifying its membership in a set of VLANs.
  2. MAC-based VLAN: the switch is configured with an access list mapping individual MAC addresses to VLAN membership.


How many types of VLAN configuration?

  There are two types of VLAN configuration:
1.       Static VLAN
2.       Dynamic VLAN
Static VLAN:
Static VLANs require the administrator to configure each port with a VLAN ID, i.e. the VLAN ID is assigned to each switch port manually.
To configure them, the administrator must know the layout of the network.

Dynamic VLAN:
Dynamic VLANs, as opposed to static VLANs, do not require the administrator to configure each port individually. Instead a central server called the VMPS (VLAN Membership Policy Server) handles the on-the-spot port configuration of every switch participating in the VLAN network.

The VMPS holds a database mapping MAC addresses to VLANs; when a host connects, the switch queries the VMPS and configures the port with the VLAN ID found in the database.

Refer to the links below; they have a very nice explanation.