▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Qmail + LDAP installation and configuration example full by Undercode :
> t.me/UndercodeTesting

🦑𝕃𝔼𝕋' 𝕊 𝕊𝕋𝔸ℝ𝕋 :

> SMTP access control
Allow only the local host to relay messages via SMTP (clients matching "127." get the RELAYCLIENT variable; everyone else may only deliver to local addresses):
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
Then stop the MTA that is currently installed.
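The rule above decides which clients qmail relays for, and a mistake in it is how open relays are born. The following Python script is an added example, not part of the Undercode post nor of qmail or ucspi-tcp: it re-implements the lookup that tcpserver performs on the compiled tcp.smtp rules (a simplified model: exact address first, then dotted prefixes from longest to shortest, then the default rule; the info@ and =host forms are left out) so that a rules file can be checked before `qmailctl cdb` loads it. Both rule sets are constructed samples.

```python
# Added example (not from the Undercode post): a small re-implementation of
# the rule selection tcpserver performs on a tcprules-compiled file, used to
# check what /etc/tcp.smtp grants before 'qmailctl cdb' compiles it.
# Simplification: only exact IP, dotted prefixes ("127." matches 127.x.x.x)
# and the default "" rule are modelled; the '@' and '=host' forms are not.

# Constructed sample: the rule from the post plus an explicit default.
TCP_SMTP_SAFE = '127.:allow,RELAYCLIENT=""\n:allow\n'
# Constructed sample of a misconfiguration: the default rule grants relaying.
TCP_SMTP_OPEN = ':allow,RELAYCLIENT=""\n'


def parse_rules(text):
    """Parse tcprules input into a list of (address, instruction, env dict)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        parts = rest.split(",")
        instruction = parts[0]
        env = {}
        for assignment in parts[1:]:
            name, _, value = assignment.partition("=")
            env[name] = value.strip('"')
        rules.append((addr, instruction, env))
    return rules


def candidates(ip):
    """Keys tried for an IPv4 client, most specific first."""
    octets = ip.split(".")
    keys = [ip]
    for n in range(3, 0, -1):
        keys.append(".".join(octets[:n]) + ".")
    keys.append("")  # default rule
    return keys


def decide(text, ip):
    """Return (instruction, env) for the connecting IP.

    When no rule applies, tcpserver accepts the connection without setting
    any environment variables, so the fallback is ('allow', {}).
    """
    table = {addr: (instr, env) for addr, instr, env in parse_rules(text)}
    for key in candidates(ip):
        if key in table:
            return table[key]
    return ("allow", {})


def may_relay(text, ip):
    """True when the client would be allowed to relay (RELAYCLIENT set)."""
    instr, env = decide(text, ip)
    return instr == "allow" and "RELAYCLIENT" in env


def open_relay_risk(text):
    """True when the default rule hands RELAYCLIENT to every client."""
    return any(addr == "" and instr == "allow" and "RELAYCLIENT" in env
               for addr, instr, env in parse_rules(text))


if __name__ == "__main__":
    for ip in ("127.0.0.1", "203.0.113.5"):
        print(ip, "relay:", may_relay(TCP_SMTP_SAFE, ip))
    print("open relay risk:", open_relay_risk(TCP_SMTP_OPEN))
```

The check only covers the rules file itself; the real confirmation is still to connect from an outside address and verify that a RCPT TO for a foreign domain is rejected.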

🦑 If the MTA is Sendmail, use one of the following commands to stop it:
/etc/init.d/sendmail stop
/sbin/init.d/sendmail stop
/etc/rc.d/init.d/sendmail stop
or kill the process directly:
kill PID-of-sendmail
Uninstall Sendmail with the following command:
rpm -e --nodeps sendmail
Finally, replace the system sendmail (/usr/lib/sendmail and /usr/sbin/sendmail) with the qmail version of sendmail:
mv /usr/lib/sendmail /usr/lib/sendmail.old   # ignore errors
mv /usr/sbin/sendmail /usr/sbin/sendmail.old # ignore errors
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old # ignore errors
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin

🦑 Note: it is important to create the sendmail links, because many applications send mail by calling /usr/lib/sendmail or /usr/sbin/sendmail.
The last step creates the system aliases:
echo alias > /var/qmail/alias/.qmail-root
echo alias > /var/qmail/alias/.qmail-postmaster
ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
Start qmail:
qmailctl start
Add the POP3 service
Create the /var/qmail/supervise/qmail-pop3d/run script with the following content:
#!/bin/sh
exec /usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
longshine.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1
Create the /var/qmail/supervise/qmail-pop3d/log/run script with the following content:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \
/var/log/qmail/pop3d
Create the log directory, make the scripts executable and link the service into /service:
chmod +t /var/qmail/supervise/qmail-pop3d
mkdir /var/log/qmail/pop3d
chown qmaill /var/log/qmail/pop3d
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
ln -s /var/qmail/supervise/qmail-pop3d /service
Add the following to the qmailctl script:
in the "start" section of qmailctl:
if svok /service/qmail-pop3d; then
svc -u /service/qmail-pop3d
else
echo qmail-pop3d service not running
fi
in the "stop" section of qmailctl:
echo "  qmail-pop3d"
svc -d /service/qmail-pop3d
in the "stat" section of qmailctl:
svstat /service/qmail-pop3d
svstat /service/qmail-pop3d/log
in the "pause" section of qmailctl:
echo "Pausing qmail-pop3d"
svc -p /service/qmail-pop3d
in the "cont" section of qmailctl:
echo "Continuing qmail-pop3d"
svc -c /service/qmail-pop3d
in the "restart" section of qmailctl:
echo "* Restarting qmail-pop3d"
svc -t /service/qmail-pop3d
Add the host to /etc/hosts:
172.18.6.111 longshine.com
Test qmail

🦑 Test the installation:
Refer to the TEST.deliver and TEST.receive documents to check that delivery and reception work. Note that the log is written by multilog instead of splogger.
Test the POP3 and SMTP services
First start the qmail mail server, then test with the following commands:
local testing:
#run_mail
#netstat -na | grep 25
#netstat -na | grep 110
#telnet localhost 110
USER test
PASS test
LIST
RETR 1
remote testing:

🦑 Use a graphical mail client under Windows (Outlook, Foxmail, etc.) to test sending and receiving mail.
Add LDAP support to qmail
> qmail can replace the traditional /etc/passwd-based POP3 authentication with LDAP, which makes authentication more efficient and supports large numbers of mail users. To give qmail LDAP support, an LDAP authentication patch must be applied to the qmail package; it is best to start from a freshly unpacked qmail source tree. Use the following commands:
#rm -rf qmail-1.03
#tar -zxvf qmail-1.03.tar.gz
#gunzip qmail-ldap-1_03-20010301_patch.gz
#cd qmail-1.03
#patch -p1 < ../qmail-ldap-1.03-20010501.patch
After the patch is applied, you need to modify the qmail

🦑 Makefile to configure the LDAP settings, as follows (only the settings that must be changed are explained here; for the remaining options see the QLDAPINSTALL.TXT document):
1) LDAPFLAGS=-DCLEARTEXTPASSWORD
Configures whether clear-text passwords are used in the LDAP directory.
2) LDAPLIBS=
Configures the LDAP client libraries to link against; in this case:
LDAPLIBS=-L/usr/local/lib -L/usr/X11R6/lib/modules -lldap -llber -lldap_r -lpthread -lresolv
3) SHADOWLIBS=-lcrypt -lshadow
SHADOWOPTS=-DPW_SHADOW
Configures the password authentication method used.
After the Makefile has been modified, recompile the qmail sources and install over the existing qmail with the following command:
#make setup check
Install openldap:
tar -zxvf openldap-2.07.tgz
cd openldap-2.07
./configure
make depend
make
make test
su root -c 'make install'
This completes the openldap installation.
Create the corresponding LDAP control files under /var/qmail/control/:
#cat ldapserver
172.18.6.111
#cat ldapbasedn
dc=longshine,dc=com
#cat ldapobjectclass
qmailUser
Copy qmail.schema to the openldap schema directory:
cp /usr/local/src/qmail/qmail-1.03/qmail.schema /usr/local/etc/openldap/schema/
Edit the configuration file /usr/local/etc/openldap/slapd.conf:
database ldbm
suffix "dc=longshine,dc=com"
rootdn "cn=Manager,dc=longshine,dc=com"
rootpw secret
directory /usr/local/var/openldap-ldbm
Add the corresponding schema files (the include lines belong in the global section of slapd.conf, before the database definition):
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/qmail.schema
Start slapd:
su root -c /usr/local/libexec/slapd
To check whether openldap is running and configured correctly, run ldapsearch. By default it is installed as /usr/local/bin/ldapsearch:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
You should see:
dn:
namingContexts: dc=longshine,dc=com
Next, add the initial entries to the directory. This is done in two steps:
1. generate an LDIF file
2. run ldapadd
Use an editor to create an LDIF file with the following content (replace the placeholders in angle brackets with your own values):
dn: dc=<MyDomain>,dc=<com>
objectclass: dcObject
objectclass: organization
o: <MyOrganization>
dc: <MyDomain>

dn: cn=Manager,dc=<MyDomain>,dc=<com>
objectclass: organizationalRole
cn: Manager
The content of my Manager.ldif file is:
dn: dc=longshine,dc=com
objectclass: dcObject
objectclass: organization
o: longshine
dc: longshine

dn: cn=Manager,dc=longshine,dc=com
objectclass: organizationalRole
cn: Manager
Now run ldapadd:
ldapadd -x -D "cn=Manager,dc=longshine,dc=com" -W -f /root/manager.ldif
and enter the password (secret) when prompted.
Add the qmail user information by creating a test.ldif file:
dn: cn=testUser,dc=longshine,dc=com
cn: testUser
sn: testUser
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: test@longshine.com
mailHost: longshine.com
mailMessageStore: /home/test/Maildir/
mailQuota: 1000000S,100C
uid: test
userPassword: test
qmailUID: 508
qmailGID: 508
Note that qmailUID and qmailGID can be looked up in /etc/passwd. Load the entry with the following command:
ldapadd -x -D "cn=Manager,dc=longshine,dc=com" -W -f /root/test.ldif
and enter the password (secret) when prompted.
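Before running ldapadd it is worth checking that the entry carries everything qmail-ldap needs, and that the UID/GID pair really matches the system account whose Maildir it points at. The following Python script is an added example, not code from the post or from qmail-ldap: it parses the LDIF shown above, verifies the qmailUser attributes, cross-checks qmailUID/qmailGID against a passwd-style table (a constructed stand-in for /etc/passwd), and flags a clear-text userPassword, which only authenticates when qmail was built with -DCLEARTEXTPASSWORD and leaves the password readable to anyone who can read the directory. The attribute names follow qmail.schema; the set of attributes treated as required and the hash prefixes recognised are my assumptions.

```python
# Added example (not from the Undercode post): a pre-flight check for the
# qmailUser LDIF entry before 'ldapadd'. Attribute names follow qmail.schema;
# the REQUIRED set and HASH_PREFIXES are assumptions made for this example.

# Constructed sample, based on the post's test.ldif.
TEST_LDIF = """\
dn: cn=testUser,dc=longshine,dc=com
cn: testUser
sn: testUser
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: qmailUser
mail: test@longshine.com
mailHost: longshine.com
mailMessageStore: /home/test/Maildir/
mailQuota: 1000000S,100C
uid: test
userPassword: test
qmailUID: 508
qmailGID: 508
"""

# Constructed stand-in for the relevant /etc/passwd line: user -> (uid, gid).
PASSWD = {"test": (508, 508)}

REQUIRED = ("mail", "mailHost", "mailMessageStore", "uid",
            "userPassword", "qmailUID", "qmailGID")
HASH_PREFIXES = ("{SSHA}", "{SHA}", "{CRYPT}", "{MD5}", "{SMD5}")


def parse_ldif(text):
    """Parse one or more LDIF entries into a list of {attr: [values]} dicts."""
    entries, current = [], {}
    for raw in text.splitlines():
        if not raw.strip():          # blank line separates entries
            if current:
                entries.append(current)
                current = {}
            continue
        if raw.startswith("#"):
            continue
        attr, _, value = raw.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_qmail_user(entry, passwd=PASSWD):
    """Return a list of findings; an empty list means the entry is ready to add."""
    findings = []
    if "qmailUser" not in entry.get("objectClass", []):
        findings.append("objectClass qmailUser missing")
    for attr in REQUIRED:
        if attr not in entry:
            findings.append(f"{attr} missing")
    if findings:
        return findings
    uid_name = entry["uid"][0]
    try:
        uid, gid = int(entry["qmailUID"][0]), int(entry["qmailGID"][0])
    except ValueError:
        return ["qmailUID/qmailGID must be numeric"]
    if uid_name not in passwd:
        findings.append(f"uid {uid_name} not in passwd table")
    elif passwd[uid_name] != (uid, gid):
        findings.append(f"qmailUID/qmailGID {uid}/{gid} do not match passwd {passwd[uid_name]}")
    if not entry["mailMessageStore"][0].endswith("/"):
        findings.append("mailMessageStore should be a Maildir path ending in '/'")
    if not entry["userPassword"][0].startswith(HASH_PREFIXES):
        findings.append("userPassword is clear text (requires -DCLEARTEXTPASSWORD)")
    return findings


if __name__ == "__main__":
    for entry in parse_ldif(TEST_LDIF):
        print(entry["dn"][0], check_qmail_user(entry) or ["ok"])
```

Run it against the real file with `python3 check.py < test.ldif` after swapping TEST_LDIF for `sys.stdin.read()`; the clear-text finding is expected with the Makefile settings from the post, but it is the setting to revisit once the system is in production.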

> Change the /var/qmail/supervise/qmail-pop3d/run script to the following content (auth_pop from the qmail-ldap patch replaces checkpassword):
#!/bin/sh
exec /usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
longshine.com /var/qmail/bin/auth_pop /var/qmail/bin/qmail-pop3d Maildir 2>&1
Test LDAP:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
Use ldapsearch to check whether the entries were added correctly. If they were not, delete the entry with
ldapdelete -x -D "cn=Manager,dc=longshine,dc=com" -w secret "cn=testUser,dc=longshine,dc=com"
and then add it again.
LDAP-based POP3 authentication test
After the above steps, check the health of the new qmail system with the following three tests:
local test
Refer to the TEST.deliver and TEST.receive methods.
POP3 + SMTP test
telnet localhost 25 and telnet localhost 110
test tools
# /var/qmail/bin/qmail-ldaplookup -u test
# /var/qmail/bin/qmail-ldaplookup -m test@example.com
A graphical mail client under Windows (Outlook, Foxmail, etc.) can also be used to test sending and receiving mail.

WRITTEN BY UNDERCODE


🦑 BEST RATS FOR HACKING :(PAYLOADS)- GITHUB TOPIC :


Thefatrat ⭐️4,123
Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection .

Quasarrat ⭐️3,071
Remote Administration Tool for Windows

Stitch ⭐️1,525
Python Remote Administration Tool (RAT)

Evilosx ⭐️1,446
An evil RAT (Remote Administration Tool) for macOS / OS X.

Rat ⭐️1,128
Compose shell commands to build interactive terminal applications

Lime Rat ⭐️549
LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)

Powershell Rat ⭐️524
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Asyncrat C Sharp ⭐️442
Open-Source Remote Administration Tool For Windows C# (RAT)

Awesome Rat ⭐️424
RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.

Lilith ⭐️414
Lilith, The Open Source C++ Remote Administration Tool (RAT)

Rat Via Telegram ⭐️363
Windows Remote Administration Tool via Telegram

Kage ⭐️354
Kage is Graphical User Interface for Metasploit Meterpreter and Session Handler

Python Rootkit ⭐️309
Python Remote Administration Tool (RAT) to gain meterpreter session

Blacknet ⭐️254
Free advanced and modern Windows botnet with a nice and secure PHP panel.

Ghost ⭐️221
👻 RAT (Remote Access Trojan) - Silent Botnet - Full Remote Command-Line Access - Download & Execute Programs - Spread Virus' & Malware

Caesar ⭐️211
An HTTP based RAT (Remote Administration Tool) that allows you to remotely control devices from your browser

Androrat ⭐️189
AndroRAT | Remote Administrator Tool for Android OS Hacking

Poet ⭐️182
Post-exploitation tool


Torat ⭐️146
ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication


Vanillarat ⭐️146
VanillaRat is an advanced remote administration tool completely coded in C# for Windows.


Ghost ⭐️139
Ghost Framework is an Android post-exploitation framework that uses an Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

N00brat ⭐️135
Remote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service


Proton ⭐️127
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

Pandasniper ⭐️119
Linux C2 framework demo, the product of a two-week "hacker programming marathon", from starting to learn the programming language to implementing a demo

Outis ⭐️107
outis is a custom Remote Administration Tool (RAT) or something like that. It was build to support various transport methods (like DNS) and platforms (like Powershell).

Green Hat Suite ⭐️106
Green-hat-suite is a tool to generate meterpreter/shell which could evade antivirus.

Paradoxia ⭐️106
Advanced Attack toolkit, Fully Undetectable RAT / Botnet, Instagram Brute Force and Password Spraying over Tor, Mass Emailer, Malicious file Sentinel and more.

Client ⭐️89
Windows, OS X and linux RAT client

Spacecow ⭐️81
Windows Rootkit written in Python

Blackworm ⭐️76
Black Worm Official Repo

Mass Rat ⭐️74
Basic Multiplatform Remote Administration Tool - Xamarin

Teleshadow3 ⭐️69
Telegram Desktop Session Stealer

Tinkerershell ⭐️53
A simple python reverse shell written just for fun.

Droidjack ⭐️19
This Android trojan is one of the most complete. With it we can gain remote access to the entire infected device, from the contacts, calls and SMS to the smartphone's microphone and cameras. Everything.

Orwell Rat And Botnet ⭐️18
Orwell is a RAT and Botnet designed as a trio of programs by Landon Powell.

Skyrat ⭐️16
SkyRAT - Powershell Remote Administration Tool

Technowhorse ⭐️64
TechNowHorse is a RAT (Remote Administrator Trojan) Generator for Windows/Linux systems written in Python 3.

Slickermaster Rev4 ⭐️62
NSA Hacking Tool Recreation UnitedRake

C Sharp R.a.t Client ⭐️60
This is a c# client for the c# R.A.T server

Blackrat ⭐️59
BlackRAT - Java Based Remote Administrator Tool

> FROM WIKI - VERIFIED BY UNDERCODE

🦑 Network configuration-LAN implementation VLAN example full by Undercode :
instagram.com/UndercodeTesting


🦑 Computer network technology has moved from traditional Ethernet (10Mb/s) to Fast Ethernet (100Mb/s) and Gigabit Ethernet (1000Mb/s) in only a few years, and the pace is surprising. Today, in the construction of large and medium-sized networks, the mainstream model of "Gigabit backbone, 100M to the desktop" with Gigabit Layer 3 switches as the core is common, and the network industry is no stranger to the terms "Layer 3 switching" and VLAN.

1. What is Layer 3 switching and VLAN?
To answer this question, let's first look at how Ethernet works. Ethernet carries data as frames (sequences of bytes, physically a series of electrical pulses) over a shared wire. A node on the segment that wants to transmit first listens to the wire; this process is called CSMA/CD (Carrier Sense Multiple Access with Collision Detection). If another node is transmitting at that moment, the listening node has to wait until that transmission ends. If two workstations happen to start transmitting at the same time, the segment carries a "collision" signal; every workstation detects it because the voltage on the wire exceeds the normal level, and every node on the segment must then wait for the collision to clear before it can transmit. In other words, in CSMA/CD mode only one node can transmit on the wire at a time. The device that forwards Ethernet frames in this mode is a hub, a Layer 1 device with low transmission efficiency.
Collisions reduce the usable bandwidth of Ethernet, and they are unavoidable: the more nodes share the wire, the more collisions occur. The obvious remedy is to limit the number of nodes on a wire by physically segmenting the network, which is done with bridges and switches. Their basic function is to forward a frame to another physical segment only when it is destined there; traffic that stays within the local physical segment never crosses the bridge or switch, which effectively reduces collisions. Bridges and switches make their forwarding decisions on the destination MAC (Media Access Control) address; they are Layer 2 devices.
Having seen the shortcomings of Ethernet and the effect of collisions within a physical segment, let's look at another cause of slow networks: broadcasts. Broadcasts exist on every network. If they are not controlled properly they flood the whole network and generate a great deal of traffic; they consume bandwidth and also reduce the processing efficiency of every user workstation. Broadcasts are unavoidable for several reasons: network operating systems (NOS) use them, TCP/IP uses them to resolve IP addresses to MAC addresses, and routing protocols such as RIP and IGRP advertise with them. Bridges and switches forward all broadcasts, but routers do not, so controlling broadcasts requires a router. A router makes its forwarding decision on the Layer 3 header: the destination IP, IPX or AppleTalk address. The router is a Layer 3 device.
With this background, Layer 3 switching is easy to understand. In plain terms, it is a technique that combines routing and switching in one device. When the first packet of a data flow is routed, the device records a mapping between the MAC address and the IP address; when later packets of the same flow arrive, they are switched directly at Layer 2 according to that mapping instead of being routed again. This gives wire-speed performance, eliminates the delay introduced by router processing, and improves packet-forwarding efficiency. Switches that use this technique are usually called Layer 3 switches.
So what is a VLAN? VLAN (Virtual Local Area Network) means virtual local area network. A VLAN does not depend on the user's physical location; it logically divides users into relatively independent working groups according to function, application and similar factors. Each user host is connected to a port of a VLAN-capable switch and belongs to one VLAN. Members of the same VLAN share broadcasts and form one broadcast domain, while broadcasts between different VLANs are isolated from each other. In this way the whole network is divided into several distinct broadcast domains (VLANs).
Generally speaking, if a workstation in a VLAN sends a broadcast, every workstation in that VLAN receives it, but the switch does not send it to any port in another VLAN. To send traffic to ports in other VLANs, a Layer 3 switch is needed.

2. How to configure Layer 3 switches to create VLANs
The following descriptions are all based on VLANs on Cisco switches. Cisco's VLAN implementation is usually port-centric: the port a node is connected to determines the VLAN it resides in. There are two ways to assign ports to VLANs, static and dynamic.
A static VLAN is formed by explicitly assigning ports to VLANs: the VLAN is created on the VTP (VLAN Trunking Protocol) server, and each port is then assigned to the corresponding VLAN. This is the most common way of creating VLANs.
Dynamic VLANs are simple in principle: a port's VLAN membership is determined from the device connected to it. A VMPS (VLAN Membership Policy Server) is created first; it holds a text file that maps MAC addresses to VLANs, and the switch assigns each port to a VLAN by looking up the connected MAC address in this mapping table. This method has great advantages, but building the database is a difficult and tedious task.
The following example shows how to implement VLANs in a typical Fast Ethernet local area network. A typical LAN here means a core switch with Layer 3 switching connected to several branch switches (which need not have Layer 3 capability). We assume the core switch is named COM; the branch switches are PAR1, PAR2, PAR3 ..., each connected to the core switch through the optical module on its port 1; and the VLAN names are COUNTER, MARKET, MANAGING ...

1. Set the VTP domain
The VTP domain is also called the management domain. All switches that exchange VTP update information must be configured in the same management domain. If all switches are connected by trunks, it is enough to define the management domain on the core switch; all switches on the network then join that domain, and every switch in the management domain learns the others' VLAN lists.
COM#vlan database ....

2. Configure trunks
To make sure the management domain covers all branch switches, trunks must be configured. Cisco switches can use any medium as a trunk line, and trunking can use Cisco's own ISL tagging. ISL (Inter-Switch Link) is a protocol that carries information and data flows for multiple VLANs between switches, between switches and routers, and between switches and servers. By configuring ISL encapsulation on the ports that directly connect the switches, VLAN assignment and configuration for the whole network can be carried out across switches.

The configuration on the core switch side is as follows:

COM(config)#interface gigabitEthernet 2/1
COM(config-if)#switchport
COM(config-if)#switchport trunk encapsulation isl
COM(config-if)#switchport mode trunk
COM(config)#interface gigabitEthernet 2/2
COM(config-if)#switchport
COM(config-if)#switchport trunk encapsulation isl
COM(config-if)#switchport mode trunk
COM(config)#interface gigabitEthernet 2/3
COM(config-if)#switchport
COM(config-if)#switchport trunk encapsulation isl
COM(config-if)#switchport mode trunk

The configuration on the branch switches is as follows:

PAR1(config)#interface gigabitEthernet 0/1
PAR1(config-if)#switchport mode trunk
PAR2(config)#interface gigabitEthernet 0/1
PAR2(config-if)#switchport mode trunk
PAR3(config)#interface gigabitEthernet 0/1
PAR3(config-if)#switchport mode trunk
......

At this point, the management domain is set up.

3. Create the VLANs

Once the management domain is established, VLANs can be created.
COM(vlan)#vlan 10 name COUNTER     creates VLAN 10 named COUNTER
COM(vlan)#vlan 11 name MARKET      creates VLAN 11 named MARKET
COM(vlan)#vlan 12 name MANAGING    creates VLAN 12 named MANAGING
...

Note that the VLANs here are created on the core switch, but in fact it is enough to create them on any switch in the management domain whose VTP mode is Server; VTP then announces them to every switch in the domain. Assigning a switch port to a VLAN, however, must be done on the switch that owns the port.

4. Assign switch ports to VLANs

For example, to assign port 1 of the branch switches PAR1, PAR2, PAR3 ... to the COUNTER VLAN, port 2 to the MARKET VLAN, and port 3 to the MANAGING VLAN ...

PAR1(config)#interface fastEthernet 0/1        configure port 1
PAR1(config-if)#switchport access vlan 10       belongs to COUNTER VLAN
PAR1(config)#interface fastEthernet 0/2        configure port 2
PAR1(config-if)#switchport access vlan 11       belongs to MARKET VLAN
PAR1(config)#interface fastEthernet 0/3        configure port 3
PAR1(config-if)#switchport access vlan 12       belongs to MANAGING VLAN
PAR2(config)#interface fastEthernet 0/1        configure port 1
PAR2(config-if)#switchport access vlan 10       belongs to COUNTER VLAN
PAR2(config)#interface fastEthernet 0/2        configure port 2
PAR2(config-if)#switchport access vlan 11       belongs to MARKET VLAN
PAR2(config)#interface fastEthernet 0/3        configure port 3
PAR2(config-if)#switchport access vlan 12       belongs to MANAGING VLAN
PAR3(config)#interface fastEthernet 0/1        configure port 1
PAR3(config-if)#switchport access vlan 10       belongs to COUNTER VLAN
PAR3(config)#interface fastEthernet 0/2        configure port 2
PAR3(config-if)#switchport access vlan 11       belongs to MARKET VLAN
PAR3(config)#interface fastEthernet 0/3        configure port 3
PAR3(config-if)#switchport access vlan 12       belongs to MANAGING VLAN
……

5. Configure Layer 3 switching

At this point the VLANs have essentially been divided. But how is Layer 3 (network layer) switching between the VLANs achieved? Each VLAN must be given a network (IP) address. There are two cases: either static IP addresses are assigned to all nodes in the VLAN, or dynamic IP addresses are assigned to all nodes in the VLAN. The two cases are introduced separately below.
We assume the interface IP address assigned to VLAN COUNTER is 172.16.58.1/24 (network address 172.16.58.0), the interface IP address of VLAN MARKET is 172.16.59.1/24 (network address 172.16.59.0), the interface IP address of VLAN MANAGING is 172.16.60.1/24 (network address 172.16.60.0) ... If IP addresses are assigned dynamically, the DHCP server on the network has the IP address 172.16.1.11.

(1) Assign static IP addresses to all nodes in the VLAN

First set the interface IP address of each VLAN on the core switch as follows:

COM(config)#interface vlan 10
COM(config-if)#ip address 172.16.58.1 255.255.255.0      VLAN10 interface IP
COM(config)#interface vlan 11
COM(config-if)#ip address 172.16.59.1 255.255.255.0      VLAN11 interface IP
COM(config)#interface vlan 12
COM(config-if)#ip address 172.16.60.1 255.255.255.0      VLAN12 interface IP


Then give each computer connected to a VLAN an IP address within the network address of that VLAN, and set its default gateway to the VLAN's interface address. In this way all VLANs can reach each other.

(2) Assign dynamic IP addresses to all nodes in the VLAN

First, set the interface IP address of each VLAN and the IP address of the DHCP server on the core switch as follows:
COM(config)#interface vlan 10
COM(config-if)#ip address 172.16.58.1 255.255.255.0      VLAN10 interface IP
COM(config-if)#ip helper-address 172.16.1.11             DHCP server IP
COM(config)#interface vlan 11
COM(config-if)#ip address 172.16.59.1 255.255.255.0      VLAN11 interface IP
COM(config-if)#ip helper-address 172.16.1.11             DHCP server IP
COM(config)#interface vlan 12
COM(config-if)#ip address 172.16.60.1 255.255.255.0      VLAN12 interface IP
COM(config-if)#ip helper-address 172.16.1.11             DHCP server IP

...

Then create scopes for the networks 172.16.58.0, 172.16.59.0 and 172.16.60.0 on the DHCP server, and set the "router" option of each scope to the interface IP address of the corresponding VLAN. In this way all VLANs can reach each other.

Finally, configure the network settings on each computer connected to a VLAN and set the IP address option to obtain an IP address automatically.
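Both the static and the dynamic case depend on every host's address and default gateway matching the VLAN its switch port is in, and a mismatch here is the usual reason a "correctly" divided VLAN cannot reach the others. The following Python script is an added example, not part of the article: it takes the SVI addresses and the PAR1 port assignments shown above together with a constructed set of host settings and DHCP scopes, and uses the standard ipaddress module to report every host or scope that does not fit its VLAN.

```python
# Added example (not from the article): a consistency check for the VLAN
# addressing plan above, using Python's standard ipaddress module. The SVI
# addresses and PAR1 port assignments come from the article; every host and
# DHCP scope below is a constructed sample, two of them deliberately wrong.
import ipaddress

# "interface vlan N" addresses configured on the core switch COM.
SVI = {10: "172.16.58.1/24", 11: "172.16.59.1/24", 12: "172.16.60.1/24"}

# Access-port assignments: (switch, port) -> VLAN id, as configured on PAR1.
ACCESS_PORTS = {("PAR1", "fastEthernet 0/1"): 10,
                ("PAR1", "fastEthernet 0/2"): 11,
                ("PAR1", "fastEthernet 0/3"): 12}

# Constructed static host settings: name -> (switch, port, ip/prefix, gateway).
HOSTS = {
    "counter-pc": ("PAR1", "fastEthernet 0/1", "172.16.58.20/24", "172.16.58.1"),
    "market-pc":  ("PAR1", "fastEthernet 0/2", "172.16.58.21/24", "172.16.58.1"),   # address from wrong VLAN
    "manager-pc": ("PAR1", "fastEthernet 0/3", "172.16.60.30/24", "172.16.60.254"), # gateway is not the SVI
}

# Constructed DHCP scopes: scope network -> "router" option.
SCOPES = {"172.16.58.0/24": "172.16.58.1",
          "172.16.59.0/24": "172.16.59.1",
          "172.16.60.0/24": "172.16.60.2"}  # wrong router option


def svi_interface(vlan, svi=SVI):
    return ipaddress.ip_interface(svi[vlan])


def check_static_hosts(hosts=HOSTS, ports=ACCESS_PORTS, svi=SVI):
    """Return {host: [issues]} for hosts whose address or gateway does not fit their VLAN."""
    problems = {}
    for name, (switch, port, cidr, gw) in hosts.items():
        vlan = ports[(switch, port)]
        iface = svi_interface(vlan, svi)
        host = ipaddress.ip_interface(cidr)
        issues = []
        if host.network != iface.network:
            issues.append(f"address {host} not in VLAN {vlan} network {iface.network}")
        if ipaddress.ip_address(gw) != iface.ip:
            issues.append(f"gateway {gw} is not the VLAN {vlan} SVI")
        if issues:
            problems[name] = issues
    return problems


def check_dhcp_scopes(scopes=SCOPES, svi=SVI):
    """Return {scope: issue} for scopes whose router option is not the VLAN SVI,
    plus VLAN networks that have no scope at all (hosts there get no lease)."""
    problems = {}
    expected = {}
    for cidr in svi.values():
        iface = ipaddress.ip_interface(cidr)
        expected[iface.network] = iface.ip
    for scope, router in scopes.items():
        net = ipaddress.ip_network(scope)
        if net not in expected:
            problems[scope] = "no VLAN interface for this scope"
        elif ipaddress.ip_address(router) != expected[net]:
            problems[scope] = f"router option {router} should be {expected[net]}"
    for net in expected:
        if str(net) not in scopes:
            problems[str(net)] = "VLAN network has no DHCP scope"
    return problems


if __name__ == "__main__":
    for host, issues in check_static_hosts().items():
        print(host, issues)
    for scope, issue in check_dhcp_scopes().items():
        print(scope, issue)
```

Feed the functions the port and host tables exported from your own switches and DHCP server; the checks generalise to any number of VLANs, since the expected network and gateway are derived from the SVI addresses alone.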

3. Summary

This article is a summary of the author's actual work. The author has tried to explain the whole process of creating VLANs in plain language and to give the detailed setting steps; anyone with some understanding of the IOS of Cisco switches should find it easy to follow. By following the steps shown in this article one by one, you can create multiple VLANs for a typical Fast Ethernet network.





---- At the beginning of the enterprise network, due to its small size, narrow application area, and knowledge of Internet access The low level and
lack of knowledge about network security and management make the enterprise network limited to the exchange mode. There are two main switching technology
ways: Ethernet frame switching and cell switching based on ATM, which has greatly improved performance relative to the shared network, but
all in one IP or IPX network segment network device Speaking, it is in the same broadcast domain. When the number of workstations is large and the
information flow is large, it is easy to form a broadcast storm, which seriously affects the operation speed of the network and even easily leads to network paralysis. How to
avoid this problem? It is a good choice to divide the network.
---- In the network mode using switching technology, the network structure is generally divided by means of dividing physical network segments. From the
aspects of efficiency and security, this kind of structure division has certain defects, and to a large extent limits the flexibility of the network.
Because if you want to separate a broadcast domain, you must purchase another switch, and you need to re-wire manually. Fortunately,
the emergence of virtual local area network (Virtual Local Area Network, VLAN) technology solves the above problems. In fact, a VLAN
is a broadcast domain. It is not limited by geographic location and can span multiple LAN switches. A VLAN can
divide network users in different geographic locations into a logical network segment according to department functions, object groups, or applications. For LAN switches,
Each port can only be tagged with one VLAN, all ports in a VLAN have a broadcast domain, and
ports in different VLANs share different broadcast domains, thus avoiding the occurrence of broadcast storms. It can be said that in a switched network, VLAN
provides a flexible combination of network segments and organizations.

Large enterprises usually have two or more subordinate units. To keep the departments easy to administer and secure, and to keep the whole network stable, the network can be partitioned with VLANs. The case below shows what applying VLAN technology means in practice.

Network status

A large lifting-equipment company has two subordinate units and is engaged in R&D, service and sales. Because the sites are far apart and the business grew gradually from the company's founding, the headquarters and the two units (unit 1 and unit 2) each built an independent switched network, all three with a Gigabit Ethernet backbone. The headquarters core switch is a Cisco Catalyst 6506 with a Layer 3 routing engine, which leaves the enterprise network plenty of room to grow. Each subordinate unit has a Cisco Catalyst 4006 as its core switch. The second- and third-tier switches are Cisco Catalyst 3500 series, chosen mainly for their performance and stackability.
Demand analysis
With the business growing fast, the head office and the two subordinate units need an unobstructed exchange of information, so that head office management can run the two units more directly and effectively and all three parties can share data. Linking the three independent subnets into one unified network is therefore unavoidable.
Figure 1 is a schematic of the three subnets of the lifting-equipment company interconnected into one network. The subnets are interconnected with Gigabit Ethernet. To avoid a bottleneck on the backbone, each interconnection uses two Gigabit links bundled into one logical trunk, which doubles the bandwidth (the original counts this as 4 Gbit/s, evidently summing both directions of both links) and also gives link redundancy, so the network as a whole runs fast, stably and safely.
As the network grows, traffic increases and staff management becomes more complex, which creates new risks to the safe, stable and efficient operation of the enterprise network. VLAN partitioning is the way to remove them. Following the business needs of the company, the unified network is divided into five user VLANs: manager office, finance, supply and marketing, information centre, and a catch-all VLAN for everything else, plus a server subnet.
Since the unified network uses the 192.168.0.0 range, the addresses the original assigns to each VLAN are:
Manager office subnet: 192.168.1.0 to 192.168.2.0 /22, gateway 192.168.1.1
Finance subnet: 192.168.3.0 to 192.168.5.0 /22, gateway 192.168.3.1
Supply and marketing subnet: 192.168.6.0 to 192.168.8.0 /22, gateway 192.168.6.1
Information centre subnet: 192.168.7.0/24, gateway 192.168.7.1
Server subnet: 192.168.100.0/24, gateway 192.168.100.1
Other subnets: 192.168.8.0 to 192.168.9.0 /22, gateway 192.168.8.1
These ranges do not work as written: 192.168.1.0, 192.168.3.0 and 192.168.6.0 are not on /22 boundaries (the aligned blocks would be 192.168.0.0/22 and 192.168.4.0/22), the manager and finance blocks would then coincide, the supply and marketing block contains the information centre's 192.168.7.0/24, and 192.168.8.0 is listed twice. The /24 plan given in the routing section below is consistent and is the one to follow.


Detailed design

Cisco products trunk VLANs between switches with one of two encapsulations: ISL and IEEE 802.1Q. ISL (Inter-Switch Link) is a Cisco-proprietary trunk encapsulation, implemented in hardware on the Cisco equipment of that era and optimised for traffic handling and multimedia applications; it wraps the whole Ethernet frame in a new ISL header. 802.1Q is the IEEE standard (ratified in 1998, not 1996 as the original says) and instead inserts a 4-byte tag after the source address. ISL has since been dropped from current Cisco platforms, so new designs use 802.1Q.
In this case all network equipment is from Cisco, so ISL is used on the trunks between switches (interconnection with other vendors' equipment is covered at the end of the article).
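What a trunk actually carries is the frame plus a VLAN identifier. The following is an added example, not code from the original article: it builds an 802.1Q-tagged Ethernet frame, recovers the VLAN ID from it the way a trunk port does, and strips the tag the way an access port does on egress. The MAC addresses and payload are constructed for the example; the Cisco dotted MAC notation is accepted alongside the colon form.

```python
"""Build and parse IEEE 802.1Q-tagged Ethernet frames.

Added example (not from the original article). Frame contents are
constructed for illustration; the MAC addresses are made up.
"""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_to_bytes(mac: str) -> bytes:
    """Accept '00:11:22:33:44:55', '00-11-...' and Cisco '0011.2233.4455' notation."""
    digits = mac.replace(":", "").replace(".", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac}")
    return bytes.fromhex(digits)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_tagged_frame(dst: str, src: str, vlan_id: int, payload: bytes,
                       pcp: int = 0, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Insert a 4-byte 802.1Q tag between the source MAC and the EtherType.

    Tag = TPID 0x8100 + TCI (3 bits priority PCP, 1 bit DEI, 12 bits VLAN ID).
    """
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN ID must be 0..4095")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP must be 0..7")
    tci = (pcp << 13) | vlan_id          # DEI bit left at 0
    return (mac_to_bytes(dst) + mac_to_bytes(src)
            + struct.pack("!HHH", ETHERTYPE_8021Q, tci, ethertype) + payload)


def parse_frame(frame: bytes) -> dict:
    """Return addresses, EtherType, payload and the VLAN ID (None if untagged).

    An untagged frame arriving on a trunk is placed in the port's native
    VLAN by the receiving switch; that is why the VLAN ID is None here.
    """
    if len(frame) < 14:
        raise ValueError("frame too short")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": bytes_to_mac(dst), "src": bytes_to_mac(src),
            "vlan_id": None, "pcp": None}
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        info.update(vlan_id=tci & 0x0FFF, pcp=tci >> 13,
                    ethertype=inner_type, payload=frame[18:])
    else:
        info.update(ethertype=ethertype, payload=frame[14:])
    return info


def strip_tag(frame: bytes) -> bytes:
    """What an access port does on egress: deliver the frame without its tag."""
    info = parse_frame(frame)
    if info["vlan_id"] is None:
        return frame
    return frame[:12] + struct.pack("!H", info["ethertype"]) + info["payload"]


if __name__ == "__main__":
    # Constructed sample: a frame from VLAN 20 crossing a trunk with priority 3.
    f = build_tagged_frame("0011.2233.4455", "0011.2233.4466", 20,
                           b"\x45" + b"\x00" * 19, pcp=3)
    print(parse_frame(f))
    print(len(f), len(strip_tag(f)))
```

The tag adds exactly four bytes; a trunk port must therefore accept frames of 1522 bytes rather than 1518, which is one reason old equipment that predates 802.1Q drops tagged frames as "giants".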
Figure 1 shows that the head office core switch is a Catalyst 6506 with Catalyst 3508 and Catalyst 3548 switches as its second tier. The Catalyst 3508 has eight Gigabit Ethernet ports, and the stacking capability of the Catalyst 3500 series lets the number of workstations be expanded at any time; the edge switches are Catalyst 3548s with a Gigabit module. Each subordinate unit's core is a Catalyst 4006, with Catalyst 3548s as second-tier and edge switches. Head office and each subordinate unit are linked by ISL-encapsulated trunks over two pairs of optical fibre (Catalyst 6506 to Catalyst 4006), which carries every VLAN between the sites, raises bandwidth and adds redundancy, a reliable basis for interconnecting the three subnets. Internet access is a 2 Mbit/s DDN leased line; the subordinate units reach the Internet through the proxy at head office, and Internet use is planned by the head office information centre.

Note that in this case the VLANs span every switch, so every switch-to-switch link must be a trunk. The manager office subnet and the supply and marketing subnet illustrate the two situations that arise in VLAN design, a VLAN extended across switches and a port-based VLAN, so those two are described in detail.

Manager office VLAN

Because the LAN switch serving the manager office workstations is split into several VLANs and carries workstations of several VLANs, its uplink to the next switch up must be a trunk (see Figure 2). At head office that pair is a Catalyst 3508 and the Catalyst 6506; at subordinate unit 1 and at unit 2 it is a Catalyst 3548 and the Catalyst 4006.
Supply and marketing VLAN
A switch that carries several VLANs must be trunked, but in the supply and marketing VLAN at subordinate unit 1 the whole Catalyst 3548 is dedicated to supply and marketing. Its link to the unit's central Catalyst 4006 can therefore be an ordinary switched connection (Figure 3): the Catalyst 4006 port facing the Catalyst 3548 is simply placed in the supply and marketing VLAN, which puts everything behind that port into the VLAN. This is port-based VLAN assignment.
The two Catalyst 4006s are connected to the central Catalyst 6506 over dual fibre links, so a single fibre fault between a 4006 and the 6506 does not break the connection, and all routing for the unified network is centralised on the Catalyst 6506. Routing between the VLANs is set up as follows.
The VLAN interfaces (gateways) on the central Catalyst 6506 are:
Manager office VLAN: 192.168.1.1/22
Finance VLAN: 192.168.3.1/22
Supply and marketing VLAN: 192.168.6.1/22
Information centre VLAN: 192.168.7.1/24
Other VLANs: 192.168.8.1/22
If a routing protocol is wanted on the central switch (RIP or OSPF), enable it and list the 192.168.0.0 networks. For RIP the commands in global configuration mode are:
router rip
 network 192.168.0.0
Two caveats. First, as long as the Catalyst 6506 is the only Layer 3 device, its directly connected VLAN interfaces already route between the VLANs and no routing protocol is needed at all. Second, the RIP network statement in IOS is classful: 192.168.0.0 is a class C address, so the statement above enables RIP only on an interface in 192.168.0.0/24, and each VLAN network (192.168.1.0, 192.168.2.0 and so on) needs its own network statement.
The unified network sits in 192.168.0.0, and the address plan for each VLAN as given in this section is:
Manager office subnet: 192.168.1.0, mask 255.255.255.0, gateway 192.168.1.1
Finance subnet: 192.168.2.0, mask 255.255.255.0, gateway 192.168.2.1
Supply and marketing subnet: 192.168.3.0, mask 255.255.255.0, gateway 192.168.3.1
Information centre subnet: 192.168.4.0, mask 255.255.255.0, gateway 192.168.4.1
Server subnet: 192.168.100.0, mask 255.255.255.0, gateway 192.168.100.1
Remaining subnets: 192.168.8.0, mask 255.255.255.0, gateway 192.168.8.1
This /24 plan differs from the /22 addresses and gateways quoted earlier in the article (the original is inconsistent); it is aligned and non-overlapping, so it is the one to configure, and the VLAN interface addresses on the Catalyst 6506 should be the gateways listed here. With a /24 per VLAN each subnet holds up to 254 hosts, which meets present and foreseeable needs while keeping administration simple.
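Both address plans in this article (the /22 plan in the demand analysis and the /24 plan here) can be checked mechanically, and the same data gives the connected routing table the Catalyst 6506 derives from its VLAN interfaces. The following is an added example, not code from the original article: it validates a plan for prefix alignment, gateway placement and overlap, then does a longest-prefix lookup over the resulting table. The two plans are copied from the article's own figures; the VLAN names are the article's.

```python
"""Validate a VLAN address plan and resolve which VLAN interface routes to a host.

Added example, not the article's own code. The two plans are the ones the
article prints; nothing else is assumed.
"""
import ipaddress

# (VLAN name, prefix, gateway): the /22 plan exactly as printed in the article.
PLAN_AS_PRINTED = [
    ("manager office", "192.168.1.0/22", "192.168.1.1"),
    ("finance", "192.168.3.0/22", "192.168.3.1"),
    ("supply and marketing", "192.168.6.0/22", "192.168.6.1"),
    ("information centre", "192.168.7.0/24", "192.168.7.1"),
    ("servers", "192.168.100.0/24", "192.168.100.1"),
    ("other", "192.168.8.0/22", "192.168.8.1"),
]

# The /24 plan from the routing section of the article.
PLAN_24 = [
    ("manager office", "192.168.1.0/24", "192.168.1.1"),
    ("finance", "192.168.2.0/24", "192.168.2.1"),
    ("supply and marketing", "192.168.3.0/24", "192.168.3.1"),
    ("information centre", "192.168.4.0/24", "192.168.4.1"),
    ("servers", "192.168.100.0/24", "192.168.100.1"),
    ("other", "192.168.8.0/24", "192.168.8.1"),
]


def check_plan(plan) -> list:
    """Return human-readable problems; an empty list means the plan is usable."""
    problems, nets = [], []
    for name, prefix, gateway in plan:
        try:
            net = ipaddress.ip_network(prefix)            # strict: host bits must be 0
        except ValueError:
            net = ipaddress.ip_network(prefix, strict=False)
            problems.append(f"{name}: {prefix} is not on a /{net.prefixlen} "
                            f"boundary (the aligned block is {net})")
        gw = ipaddress.ip_address(gateway)
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gateway} is not a usable host in {net}")
        nets.append((name, net))
    for i, (n1, a) in enumerate(nets):
        for n2, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{n1} ({a}) overlaps {n2} ({b})")
    return problems


def routing_table(plan) -> list:
    """Connected routes a Layer 3 switch derives from its VLAN interfaces."""
    return [(ipaddress.ip_network(prefix, strict=False), name, ipaddress.ip_address(gw))
            for name, prefix, gw in plan]


def lookup(table, dst: str):
    """Longest-prefix match: the VLAN whose interface a packet to dst leaves by."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, name, gw in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name, gw)
    return None if best is None else best[1]


if __name__ == "__main__":
    for label, plan in (("as printed", PLAN_AS_PRINTED), ("/24 plan", PLAN_24)):
        print(label, "->", check_plan(plan) or "ok")
    # With the printed plan, 192.168.7.9 falls in two blocks; longest prefix wins.
    print(lookup(routing_table(PLAN_AS_PRINTED), "192.168.7.9"))
```

Run against the printed plan the checker reports three misaligned prefixes and two overlaps; the /24 plan passes cleanly, which is the concrete reason to configure that one.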

Precautions
Note: because the VLAN design of the company's unified network is a single overall structure, the Catalyst 4006s must receive the same VLAN list as the rest of the network. When configuring VTP (VLAN Trunking Protocol), put the whole network in one VTP domain, with the Catalyst 6506 as VTP server and the other switches as VTP clients. Be aware of the usual VTP hazard: any switch, server or client, that joins the domain with a higher configuration revision number overwrites the VLAN database of every switch in the domain, so set a VTP password and reset the revision number of any switch (for example by changing its domain name and back) before connecting it to the production network.
Enterprises whose networks were built earlier may have equipment from other vendors that later purchases cannot be unified with, and that causes some difficulty in VLAN partitioning. For example, in a mixed network of Cisco and 3Com products the trunk encapsulation on the Cisco equipment must be 802.1Q for the two to talk to each other. VLANs can be created and used normally across the two, but the coordination is slightly worse: whenever the connection between the two changes, the original recommends running the clear counters command on the Cisco switch so that the two work together again.
VLAN
A VLAN groups nodes at different physical locations into logical subnets as required; in other words a VLAN is a logical broadcast domain that can span several network devices. It lets users at different locations join one logical subnet and share one broadcast domain. Creating VLANs contains broadcast storms and so improves the performance and security of the switched network as a whole.
VLANs are completely transparent to users, who notice no difference from an ordinary switched network. For administrators the difference is large, because of the following advantages.
1. Control of broadcast storms
There are two ways to control broadcast storms: physical segmentation and logical segmentation with VLANs.
2. Better overall network security
Combining VLAN assignment with access lists on the inter-VLAN router and with MAC-address assignment lets the administrator control which users may reach which segments and how large each logical segment is.
3. Simple, direct network management
In a plain switched Ethernet, moving some users to another segment means adjusting the physical layout of the network and possibly adding equipment, which adds to the management workload. In a VLAN network the administrator only reassigns the users' VLAN from the management centre.

About trunks
In Cisco terminology a trunk is a link that carries frames of several VLANs, each frame tagged (802.1Q) or encapsulated (ISL) with its VLAN ID. Bundling several physical links between two switches into one logical link (EtherChannel, link aggregation) is a separate feature that raises bandwidth and adds redundancy; this article uses "trunk" for the combination of the two. On a VLAN-capable switch every access port belongs to one VLAN, so if two switches were cascaded through an access port, only the terminals in that port's VLAN could communicate across the link and the other VLANs on either side would be cut off from each other. Switch-to-switch links must therefore be trunks: the trunk port is not an access port of any single VLAN but a shared channel over which all VLANs pass.

Four strategies for VLAN assignment
1. Port-based VLANs
The simplest and most effective method: the administrator assigns each switch port to a VLAN, whatever device is connected to it.
2. MAC-address-based VLANs
The MAC address identifies the network card; it is unique and burned into the card. It is written as 12 hexadecimal digits (48 bits): the first six digits (24 bits) are the vendor identifier, the last six identify the card. A MAC-based VLAN follows the host, so it is effectively a VLAN of workstations and servers rather than of ports. This works well in a small network, but as the network, its equipment and its users grow, management becomes much harder.
3. Network-layer (routing-based) VLANs
Here VLAN membership follows the network-layer protocol or subnet, and the devices involved are routers and routing switches. This lets a VLAN span several switches and lets one port belong to several VLANs.
4. Policy-based VLANs
Policy-based assignment is the most effective and direct approach; it depends entirely on the policy adopted. At present methods 1 and 3 are the main ones used, with method 2 as a supplement.
Applying VLANs to network management
1. Preface
The computer network of the Guangzhou Branch is part of the second phase of the "Hundred Institutes Networking" project of the Chinese Academy of Sciences. The network centre equipment was installed and brought into operation in early 1998. As user connections and applications grew, many operational and management problems appeared. Gradual improvement of the network centre equipment and servers and the introduction of a proper management system solved or contained some of them, but a few recalcitrant users kept using unauthorised IP addresses, and that problem could not be solved and cost the network staff a great deal of effort. At that time I wanted to do IP-MAC binding on the border router, but because CSTNET considers the security of the network as a whole, the border router is administered by the Academy's network centre, and the Guangzhou branch is only a subordinate node; if IP-MAC binding were done on the border router it would be unfavourable to network monitoring and management, since a number of events could not be responded to quickly, so it is not actually feasible. The problem can only be tackled on the Guangzhou Branch's own network centre equipment.
2. Network structure and the solution
The Cisco 4500 router has only one high-speed port, f0; the rest are asynchronous ports. The border router, a Cisco 2514, can therefore only reach the Catalyst 3200, and together with all the LANs this forms a flat structure that is inherently unable to stop IP theft.
Looking at the VLAN functions of the Catalyst 3200, in addition to the benefits of VLANs themselves, the high-speed ports of the Catalyst 3200 switch and of the Cisco 4500 router support ISL (Inter-Switch Link) and VTP (VLAN Trunking Protocol), which gives a solid technical basis for better management. The plan is to configure VLANs on the Catalyst 3200 ports and place all users in separate virtual subnets according to physical location, nature of work and, as far as possible, network load; each subnet is routed through the high-speed link between the Catalyst 3200 and the Cisco 4500, and IP-MAC binding on the Cisco 4500 then achieves the intended purpose.
3. Configuring the VLANs
1) VLAN and VTP configuration on the Catalyst 3200 (via the console, using a terminal emulator)
a) Set the VLAN management domain: choose "VTP and ..." from CONFIGURATION, select "VTP ADMINISTRATION", set the VLAN management domain name to "GIETNET" and the VTP mode to "SERVER".
b) Set VLANs and the trunk: connect every subnet switch and hub to the 10 Mbit/s or 100 Mbit/s ports of the Catalyst 3200, assign VLANs by the principles above and place the ports in VLANs. This is done from "LOCAL VLAN PORT CONFIGURATION" under CONFIGURATION: specify the VLAN of each port and the trunk port, and add all three VLANs to the trunk port's configuration table. (The resulting screen is a figure in the original article and is not reproduced here.)
2) Cisco 4500 router configuration
The f0 port of the Cisco 4500 is split into as many subinterfaces as there are subnets, and each subinterface is tied to its VLAN by the ISL VLAN number set on it, which must match the VLAN ID configured on the switch. In this example f0 is divided into f0.1, f0.2 and f0.3 for VLAN1, VLAN2 and VLAN3. The commands are the original's with two corrections: the typo in "ip address" is fixed, and the encapsulation statement is moved before the address, because IOS refuses an IP address on a LAN subinterface until that subinterface has been made part of an ISL or 802.1Q VLAN.
router# configure terminal
router(config)# interface f0.1
router(config-subif)# description VLAN1_GIET
router(config-subif)# encapsulation isl 2
router(config-subif)# ip address 192.168.111.1 255.255.255.192
..
router(config)# interface f0.2
router(config-subif)# description VLAN2_gzbnic
router(config-subif)# encapsulation isl 3
router(config-subif)# ip address 192.168.111.65 255.255.255.192
..
Press Ctrl-Z to leave configuration mode and save with write memory. Then ask the Beijing network centre to point the routes for the relevant subnets in the border router at the Cisco 4500, and set each user's default gateway to the address of its subnet's subinterface.

3) Building the ARP table on the Cisco 4500
To tighten management and prevent IP theft, static ARP entries on the Cisco 4500 bind every subnet IP address to the MAC address of its registered network card, and bind the unallocated addresses as well, for example:
arp 192.168.111.130 0800.3c5d.419f arpa    (allocated address, bound to the card's MAC)
.
arp 192.168.111.169 0000.0000.0000 arpa    (unallocated address, bound to a null MAC)
A registered user who changes the network card must obtain the administrator's confirmation and consent, and the thief gets nothing (see below). Access control lists and similar measures can be added as the situation requires. Two caveats: the static entries live only on the router, so they stop a thief from reaching anything routed through the Cisco 4500 but not from talking to hosts in the same subnet; and a thief who clones the registered MAC address as well as the IP address passes the check, so the binding should be paired with controls on the access-switch ports where the switches support them.
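To make the binding rule concrete, the following is an added example, not the article's own code. It parses static ARP lines of the form the article uses, classifies what the router would do with a sender claiming a given IP and MAC pair, and lists the host addresses of a subnet that are still unbound, which is the gap the article closes by binding unused addresses to a null MAC. Only the 192.168.111.130 and 192.168.111.169 entries come from the article; the other entries, the subnet 192.168.111.128/26 with gateway 192.168.111.129, and all "observed" traffic are constructed for the example.

```python
"""Model of the IP-MAC binding the article configures with static ARP entries.

Added example, not the article's own code. Only the .130 and .169 entries
come from the article; the other entries, the subnet 192.168.111.128/26
with gateway .129, and the observed traffic are constructed.
"""
import ipaddress

NULL_MAC = "0000.0000.0000"   # the article binds unallocated addresses to this

# Static ARP lines as typed into the router config (constructed; see above).
STATIC_ARP_CONFIG = """
arp 192.168.111.130 0800.3c5d.419f arpa
arp 192.168.111.131 0800.3c5d.42a0 arpa
arp 192.168.111.169 0000.0000.0000 arpa
arp 192.168.111.170 0000.0000.0000 arpa
"""

# Constructed (ip, mac) pairs as they might be seen in ARP replies on the subnet.
OBSERVED = [
    ("192.168.111.130", "0800.3c5d.419f"),   # registered card on its own address
    ("192.168.111.131", "0800.3c5d.42a0"),   # registered card on its own address
    ("192.168.111.130", "0800.3c5d.ffff"),   # someone else took .130
    ("192.168.111.169", "0800.3c5d.beef"),   # someone picked an unallocated address
    ("192.168.111.140", "0800.3c5d.1234"),   # address nobody bound at all
]


def parse_static_arp(config: str) -> dict:
    """Map IP -> bound MAC from 'arp <ip> <mac> arpa' lines; other lines are ignored."""
    table = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "arp":
            table[parts[1]] = parts[2].lower()
    return table


def classify(table: dict, src_ip: str, src_mac: str) -> str:
    """How the router's static table treats a sender claiming (src_ip, src_mac).

    ok          - address bound to exactly this card
    unallocated - address bound to the null MAC; nobody should be using it
    mismatch    - address bound to another card: IP theft, or a card changed
                  without the administrator's consent
    unbound     - no static entry, so dynamic ARP applies and the binding
                  gives no protection for this address
    """
    bound = table.get(src_ip)
    if bound is None:
        return "unbound"
    if bound == NULL_MAC:
        return "unallocated"
    return "ok" if bound == src_mac.lower() else "mismatch"


def audit(table: dict, observations) -> list:
    """(ip, mac, verdict) for every observation the router would not accept."""
    findings = []
    for ip, mac in observations:
        verdict = classify(table, ip, mac)
        if verdict != "ok":
            findings.append((ip, mac, verdict))
    return findings


def unbound_hosts(table: dict, subnet: str, gateway: str) -> list:
    """Host addresses in subnet with no static entry at all: each still needs
    binding, to a card or to the null MAC, for the scheme to be complete."""
    net = ipaddress.ip_network(subnet)
    return [str(h) for h in net.hosts()
            if str(h) != gateway and str(h) not in table]


if __name__ == "__main__":
    arp = parse_static_arp(STATIC_ARP_CONFIG)
    for finding in audit(arp, OBSERVED):
        print("reject:", finding)
    gaps = unbound_hosts(arp, "192.168.111.128/26", "192.168.111.129")
    print(f"{len(gaps)} addresses still unbound, e.g. {gaps[:3]}")
```

The "unbound" verdict is the one to watch: an address with no static entry is resolved dynamically, so a thief can use it freely. That is why the article binds unallocated addresses to 0000.0000.0000 rather than leaving them out of the table.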

4. Characteristics of the system

With VLANs combined with IP-MAC binding, the network system has the following characteristics.
1) The advantages of VLANs: network resources are allocated sensibly, load is balanced, broadcast traffic is cut effectively, and users can be managed by group.
2) Better security: the subnets are isolated from each other, so communication stays inside a subnet, and traffic between subnets or leaving the network passes through the corresponding routed port, which strengthens the Cisco 4500's control of the whole network; the validity of a user's IP address is checked against the ARP table on the 4500.
3) Better management and fair billing: as in 2), the VLAN layout plus the IP-MAC check on the Cisco 4500 makes IP theft much harder than with ordinary binding. In this structure a thief's communication is confined to the thief's own subnet (a much smaller area of activity, so being caught on the spot is more likely), and the IP-MAC check on the Cisco 4500 makes a stolen billable address unusable, so theft becomes pointless, billing is fair, and management and control of the network are improved.
This work was completed last year; operation has been stable and meets the requirements.


Explanation of terms
1) VLAN Trunking Protocol (VTP): VTP configures and manages VLANs across a whole domain by advertising configuration information automatically within the management domain over trunk links (ISL, IEEE 802.10 or ATM LANE). When a switch powers up it sends VTP configuration requests periodically until it receives a neighbour's summary advertisement, which it needs to update its configuration. A switch runs VTP in one of three modes: server, client or transparent.

2) ISL trunk: ISL relays the packets of several VLANs over one link, and the ISL header carries the VLAN number (the VTP VLAN ID).
VLAN support on Cisco switches (as listed in the original):
1900 series standard version: no VLANs
1900 series enterprise version: 1024 ISL VLANs
2926: 1000 ISL VLANs
2948G: 1024 802.1Q VLANs
2912XL / 2912MF XL / 2924XL / 2924C XL / 2924M XL: 64 VLANs, ISL and 802.1Q
6006 / 6009 / 6506 / 6509: 1000 VLANs
4003 / 4006: 1024 VLANs, ISL (Layer 3 module) and 802.1Q
5002 / 5000 / 5500 / 5505 / 5509: 1000 VLANs

WRITTEN BY UNDERCODE