DHCP and IP Helper (DHCP Relay)

So here at my good ol’ company, we ran into an issue about a month ago where the DHCP server stopped handing out IP addresses. Come to find out the server was a Windows 2008 R2 and Windows Updates overloaded it. Nonetheless, the machines lost their IP settings as their leases expired and we lost some productivity. I had to quickly set up the 3750X switch as the new DHCP server in a hurry.

Now skip to last week, my director tasks me and the new guy, Evan, with finding a way to add redundancy to DHCP to allow failover between servers. At Evan’s last gig, they set this up using two Windows servers with one local to the branch office and one centrally located at their data center. They would both advertise the /24 range, but the local server would exclude the last half, while the remote server would exclude the first half.


VLAN Trunking on 3com 2250 (HP 1910) L2 Switch

So I have been tasked with segmenting the traffic at our corporate site. To do this I need to create the VLANs on the switches and then create trunk links. No problem, right?

Well, the issue is *not* that we have multiple vendors’ switches, but that one particular switch does not have a full-fledged CLI. Therefore, you cannot create VLANs or a trunk link using the CLI. You have to use the web GUI interface, which means it needs to be assigned an IP. Furthermore, the web GUI operates on the default VLAN (VLAN 1) and despite changing the management VLAN to another, you cannot access the web frontend without VLAN 1 having an IP address…

Nonetheless, here is the quick and dirty setup:

Tricky NAT and VPN

So we have a client that we are looking to do some inbound telemarketing for and everything seems to be going good. Everyone on our team is getting along with everyone on the client’s team and we all understand what needs done.

The first thing that needs completed is a L2L VPN between our ASA and the client’s PIX. Here are the requirements:

1) Private IPs are not allowed to traverse the VPN
2) Need a PAT for users connecting to the client’s Terminal Server (initiated from users)
3) Need a Static NAT for connections between AES of Avaya and client’s Verint server (connection is bidirectional, so can be initiated by either side)
4) Need a Static NAT for connections between CLAN of Avaya and client’s Verint system (connection is bidirectional, so can be initiated by either side)

Barracuda Web Application Firewall

Recently, we purchased a Barracuda Web Application Firewall (WAF) 460 to parse user input for a couple of our critical web applications. Namely, those that need to touch our Credit Card environment. Now just for clarification purposes, I am NOT a web application administrator in the least bit. Yes, I can write scripts in PHP with MySQL in the back-end. Nonetheless, I was tasked with setting up this appliance.

So I get the device, push a trunk to my desktop switch, and start digging into the device. Basically, out-of-the-box the WAF will work and will stop users from issuing SQL Injections, Cross Site Scripting (XSS), Data Mining (CC / SSN Numbers), Cookie Poisoning, etc. Yet, this may not be what is needed in your environment.