- 44
- 343 448
Doctor Networks
United Arab Emirates
เข้าร่วมเมื่อ 30 พ.ค. 2012
How NAT Saved The Internet - Technical Overview
In this video, we will understand What is NAT or Network Address Translation & we will also look at Public IP & Private IP Addresses in terms of NAT (Network Address Translation).
We will review the IP protocol numbers & Network communication to understand how the different types of NAT work.
0:00 Understand the need for Network Address Translation (NAT)
01:45 IP Classes Overview
02:29 What are Public IP Addresses
02:57 What are Private IP Addresses
03:20 Which IP Addresses are Private IPs?
03:54 Which IP Addresses are considered Public?
04:48 IP Protocol Numbers
06:11 How Systems communicate on a Network
08:26 Type Of NAT (Network Address Translation)
08:41 NAT Overload/PAT
09:14 Static NAT
10:00 Dynamic NAT
We will review the IP protocol numbers & Network communication to understand how the different types of NAT work.
0:00 Understand the need for Network Address Translation (NAT)
01:45 IP Classes Overview
02:29 What are Public IP Addresses
02:57 What are Private IP Addresses
03:20 Which IP Addresses are Private IPs?
03:54 Which IP Addresses are considered Public?
04:48 IP Protocol Numbers
06:11 How Systems communicate on a Network
08:26 Type Of NAT (Network Address Translation)
08:41 NAT Overload/PAT
09:14 Static NAT
10:00 Dynamic NAT
มุมมอง: 259
วีดีโอ
Cisco ACI Contracts - Concepts & Configurations
มุมมอง 1.1K4 หลายเดือนก่อน
In this video we will discuss Cisco ACI contracts & configure them on a Cisco ACI fabric. Verification will also be done as we proceed with the lab. Time Stamps 00:00 Cisco ACI Contracts Intro 02:50 ACI Contracts Lab Walkthrough 07:50 Configuring the ACI Tenant 08:16 Creating the VRF & the Bridge Domain 09:52 Assigning a Network in a Bridge Domain 11:12 Creating an Application Profile 11:27 EPG...
Configuring the Cisco ACI Policy Model
มุมมอง 2.1K8 หลายเดือนก่อน
In this video we will configure the Cisco ACI Policy Model STEP by STEP, we will configure all ACI components from scratch so that the we can cover the following on a real Cisco ACI Lab. ACI EPG to DOMAIN ISSUE UPDATE The EPG was not binded to the Physical domain & yet the communication began to work because of a bug as mentioned in this Cisco Forum. In later releases it may be fixed. community...
Eve NG Installation on VMware Player STEP BY STEP
มุมมอง 1.7K8 หลายเดือนก่อน
In this video we will have do a STEP by STEP on how to install Eve-NG on VMware Player. EVE-NG Download Link: www.eve-ng.net/index.php/download/ VMWARE PLAYER: www.vmware.com/go/downloadplayer
Dynamic NAT that works with overlapping Networks !
มุมมอง 6088 หลายเดือนก่อน
In this video we will perform a lab on Dynamic NAT with overlapping networks in two different organizations.
How to do Conditional NAT on Cisco IOS Router
มุมมอง 1.5Kปีที่แล้ว
In this video we will look at conditional NAT on Cisco IOS Routers. This NAT triggers based on source & destination of an IP packet.
Nat Overload with Multiple ISP's
มุมมอง 6Kปีที่แล้ว
In this video, we will be understanding how the Cisco IOS router handles Dual or more ISP of Internet links landing on your Cisco router.
Cisco Route Map's for NAT (Network Address Translation)
มุมมอง 2.2K2 ปีที่แล้ว
In this video, we will be understanding route-maps in general but our focus will be on route maps for NAT (Network Address Translation).
ASA Active/Standby Failover - Detailed Lab
มุมมอง 4.9K2 ปีที่แล้ว
ASA Active/Standby Failover - Detailed Lab
Outside Local Address Explained with Lab !
มุมมอง 9672 ปีที่แล้ว
In this video we will do a lab on Destination NAT, cisco implements destination NAT with the use of Outside Local Addresses. We won't just look a Destination NAT, we will also look at Twice NAT. NAT Terms (Inside local, Inside Global, Outside local & Outside Global) Video Link: th-cam.com/video/IxWVQDf EA/w-d-xo.html
Nat Exemption - Demystified !
มุมมอง 2.3K2 ปีที่แล้ว
In this video we understand & apply NAT Exemption on a Cisco router
Citrix X-Forwarding feature | How to get the source IP of users
มุมมอง 3.3K2 ปีที่แล้ว
In this video we will understand & configure X-Forwarding Feature on Citrix ADC to get the client source IP address. Citrix Trace Filter CONNECTION.SRCIP.EQ(20.1.1.10)&&CONNECTION.DSTIP.EQ(20.1.1.11)&&CONNECTION.DSTPORT.EQ(80)||CONNECTION.DSTIP.EQ(20.1.1.12)&&CONNECTION.DSTPORT.EQ(80)
Port Forwarding with Multiple Servers | NAT Advanced Series | Lecture#1
มุมมอง 12K2 ปีที่แล้ว
Port Forwarding with Multiple Servers | NAT Advanced Series | Lecture#1
Cisco ISE 3.0 : Guest Access via Self Registration from Scratch
มุมมอง 27K2 ปีที่แล้ว
In this video, we will have look at Cisco ISE guest registration via self registration portal from scratch. For ISE certificate installation guide refer to the below video link th-cam.com/video/77N_tUc0-Ng/w-d-xo.html 0:00 Guest Access ISE 0:19 Guest Self Registration Overview 01:53 Guest Topology Overview 04:39 Configuring WLC as NAD 06:01 Configuring ISE as AAA on WLC 08:06 Configure Guest SS...
InterVlan routing on Fortigate Firewall | Lecture#5
มุมมอง 55K3 ปีที่แล้ว
In this video, we will be looking at inter Vlan routing & communication between two hosts residing in different vlans.
Deploying Fortigate Firewall | Lecture#4
มุมมอง 12K3 ปีที่แล้ว
Deploying Fortigate Firewall | Lecture#4
Cisco ISE : Password Is Expired. Please Reset your admin password.
มุมมอง 3.7K3 ปีที่แล้ว
Cisco ISE : Password Is Expired. Please Reset your admin password.
FortiGate Firmware/Image Upgrade | Lecture#3
มุมมอง 5K3 ปีที่แล้ว
FortiGate Firmware/Image Upgrade | Lecture#3
FortiGate Initial Setup & FortiCloud Connectivity
มุมมอง 7K3 ปีที่แล้ว
FortiGate Initial Setup & FortiCloud Connectivity
Cisco ISE: LDAP & LDAPS Integration | STEP BY STEP
มุมมอง 7K3 ปีที่แล้ว
Cisco ISE: LDAP & LDAPS Integration | STEP BY STEP
DYNAMIC NAT LAB || NAT Beginner's Series || LECTURE#7 (Series finale)
มุมมอง 4013 ปีที่แล้ว
DYNAMIC NAT LAB || NAT Beginner's Series || LECTURE#7 (Series finale)
STATIC NAT & STATIC PAT LAB || NAT Beginner's Series || LECTURE#6
มุมมอง 1.1K3 ปีที่แล้ว
STATIC NAT & STATIC PAT LAB || NAT Beginner's Series || LECTURE#6
Cisco NAT Overload or PAT LAB || NAT Beginner's Series || LECTURE#5
มุมมอง 1.5K3 ปีที่แล้ว
Cisco NAT Overload or PAT LAB || NAT Beginner's Series || LECTURE#5
NAT Order Of Operations || NAT Beginner's Series || LECTURE#4
มุมมอง 1.1K3 ปีที่แล้ว
NAT Order Of Operations || NAT Beginner's Series || LECTURE#4
NAT Terms, Outside LOCAL, Outside GLOBAL, Inside LOCAL & Inside GLOBAL Addresses
มุมมอง 10K3 ปีที่แล้ว
NAT Terms, Outside LOCAL, Outside GLOBAL, Inside LOCAL & Inside GLOBAL Addresses
ASA Group Lock (LOCAL & AAA) with Cisco DUO Multifactor Authentication
มุมมอง 1.5K3 ปีที่แล้ว
ASA Group Lock (LOCAL & AAA) with Cisco DUO Multifactor Authentication
Cisco Router NAT Beginner's Series Teaser || Doctor Networks
มุมมอง 2463 ปีที่แล้ว
Cisco Router NAT Beginner's Series Teaser || Doctor Networks
Cisco ISE : Installing External CA Signed Certificate | STEP BY STEP
มุมมอง 25K3 ปีที่แล้ว
Cisco ISE : Installing External CA Signed Certificate | STEP BY STEP
Awesome work bro.
Thank you! Cheers!
Best video I came across so far!
Great to hear that 🙂😊 Glad that it helped you
Preparing for A+ Core 2 and this is the only video I have found that explained RADIUS and TACACS+ in a way I understood, so nice work!
I'm glad it was helpful to you!
Thank you for the great tutorials-very informative and concise! I’ve just subscribed. I hope you can add more basic content for FortiGate to help beginners .
You are welcome, I'm glad it was helpful, & I'm planning to make more beginner-friendly videos in the future 😊
Hi DN! I recently purchased a FortiGate 60F, and I’m new to FortiGate. I’m having trouble with VLAN routing until I came across your content here on TH-cam. Here is my current setup: Ports 1-3 (VLAN 0): Internal LAN (10.2.1.0/24) Port 4 (VLAN 4): WiFi subnet (10.2.4.0/24) Port 5 (VLAN 5): Printer subnet (10.2.5.0/24) I want Ports 1-3 (VLAN 0) and Port 4 (VLAN 4 - WiFi) to communicate with VLAN 5 (Printer)
Hi bro, I believe firstly you need to check if all the hosts can atleast ping their respective default gateways that you have configured on fortigate. For Example a host in VLAN 5 should be able to ping the VLAN 5 interface you have configured on your fortigate. Once done As you are new, i recommend creating a permit all policies for all interfaces & check if communication is working between vlans & then slowly tighten the firewall policies by specifying networks instead of ANY/ALL.
@@doctor.networks THank you DN, I hope you can make a video scenario like mine, my AP is just a home grade Asus RX router or TPLink Decos.
Awesome
😊
Salam Ahmed, Your explanation was very clear and well-presented, Thanks
Waslam, Thank you & I'm glad it was helpful to you 😊
Nicely explained how to set up Contracts. Thx.
You are welcome, Glad it was helpful!
Thank you this helped so much.
Glad it was helpful 👍
Great video helped me clear things out 💯
Glad to hear it!
Please make a video on bridge domain with Good analogy. That would be really helpful. Especially with a epg mapped to one BD with multiple subnets and Explain why is that scenario needed. Thank you
Noted, will try to make a video on it soon.
@@doctor.networks Thankyou
Thanks for sharing, best explanation ever.
Glad it was helpful!
Can you create some content on DDNS ssl vpn and ipsec
Amazing explanation. Thank you so much!
Welcome 😊
Great and to the point
Thanks bro, Good to know you liked it
If I want (full) 2-way communication between 2 (or more) EPGs, does that mean I need two contracts between each EPG where one is the provider *and* consumer (one in each direction)? Like, if one isn't *only* providing a service to another, but both are providing (and consuming) to each other.
Yes exactly, you would need two set of contracts. The same way I configured for one, you configure for the other side as well. Thanks for the comment 👍
So, at the end with the "re-using" All the config guides I've seen so far, made a Switch Profile for 1 switch and an Interface Profile for 1 Port. Now, if I have a Fabric with 100+ Leafs and thousands of Servers, I'd be doing profiles for months and whenever there's a new server and/or a new leaf, I'd clicking through tabs and profiles for days. Does that mean it's possible to create 1 "master" profile to use for all Leafs and another "master" profile for all ports on a leaf? Or maybe a 'few' general ones depending on what you want to connect and you're good to go? If every (bare metal) server and/or port needs its own profile, it would be pure madness in a bigger fabric. I mean, normally, ports are all configured the same/similarly (for standard servers) and only the VLANs change (or now the EPG deployment on a port).
Normally you will not have to go thru all this again & again, you have a quick way to create profiles in ACI as well. Moreover the problem mainly comes between the VPC & NON VPC ports(Normal Access/Trunk). If you dedicate everything as NON VPC & your server team is OK with it then a master profile can work. But I know that somewhere you're going to need VPC's then it will be a little hasle removing those interfaces from profiles & creating a VPC profile for them.
@@doctor.networks Thank you for the reply! The networking team in our company and I are still pretty "old-school". We're using legacy NX-OS without anything fancy like VXLAN, so all of this looks extremely unintuitive to me. Right now, when the server team tells us they need 4 channeled ports, we SSH on the the VPC pairs in the rack, copy our VPC template over the ports, allow the VLANs they need and that's pretty much it. And when the server gets removed later on, we simply default the port. Having to do a switch profile for every leaf and then a new interface profile for every used port seems like a *lot* of extra work rather than simplifying it. After having done all the profiles and policies and whatnot, you then also still need to go in the EPGs menu and link all the needed EPGs to the ports. (Which can be a whole lot, like we have server that access 20-30 VLANs, so instead of "sw trunk allowed vlan 100-130", it's going through 30 individual EPGs menus now...?) And when the server gets decommissioned, you have to find and delete profiles (among the hundreds or thousands others) and remove the static bindings in the EPGs. You have every switch and port accessible from the same system, which is super cool, but if having to go through a dozens of menus takes more time than SSH-ing to the switches and configuring the ports manually, something about the whole ACI things seems odd to me. -- We've ordered a lab for next month and I'll be trying your videos to build it myself and experiment a little before having a session with our cisco rep over what the best approach for our usecase and current hiearachy is.
thank you!
It was indeed insightful video. A quick question, is it safe to enable xforwarder, I was just wondering if xforwarder is exposing the Citrix backend infrastructure to somebody who is logging in from Internet? Is my understanding correct? Is it not a security issue? Look forward to seeing your response.
Thanks mate. Appreciate your comment, X forwarding only pulls out the client source IP (which could be a Internet Public IP) & puts that in the HTTP header, that packet will be sent to the backend servers. There is nothing as such that will be exposed to the client actually so i think it's pretty safe.
Thanks alot. I wasn't getting an ip address and i now know why.
Great guide. Thank you! Thanks for all the other videos you do as well. I'm learning a lot!
You are welcome brother 👍
I am trying to configure a text sms message with this radius option but its only working with the Duo push approval option. Is there anything specific to be done to get a sms text ?
Bro it's been a long time since I have looked into Duo 😀 but you would certainly need to have a SMS API setting in the duo cloud. check if it's supported
Very cool I didnt know you could clone policies in reverse.
Hello, you forgot to mention that DNAT is necessary if the 10.1.1.0/24 subnet from BLIZZ wants to communicate with the 10.1.1.0/24 subnet of CENTICS.
Single trunk link is enough to get All vlans from switch pls.tell.reason for three links to switch
Hi Sandeep. It is a single physical Interface. There are 3 logical interfaces with vlan tags,same as you would do via a trunk.
Beautiful bro❤
Thank you so much 😀
thanks man. but i have question regarding upgrading from forticloud. is the way possible if there is two firewalls in HA
Welcome bro. Ye 100% will work with HA firewalls as well.
@@doctor.networks thanks bro
nice work bro. keep it up
Great video! Thanks.
I'm glad it helped
Very informative session , Can you provide any if they are an overlapping network how destination work there
salam,ahmad bhai,have u recorded videos for ISE 3.0
Waslam, No brother didn't had the time but in future InshAllah will do.
It was an amazing video and helped me a lot. please create a video for a simple application like a web server and it's database and the EPGs for each one of them and show the communication end to end
Thanks man glad it helped. I'll have to see how I can do a lab which involves DB & WEB
Bro is saving my life rn ! :)
hhhhh what do you mean by "rn"?
I don't know if you still read comments here. But I've been having trouble with the differences between TACACS+ and RADIUS. This video completely cleared up every question I had about it plus a few more I didn't even know I had. Thank you so much for the video! Great content!
I still read comments here brother 😀 You are very welcome. When I was making this video I didn't knew it would help so much people. I'm happy that it helped you.
Really good video
Glad you liked it Brother
this should be on the homepage for everyone
I'll put it there 😀
Why need this much of policies for intervlan, i think just create a zone and add the vlan's to that zone, that's bettee to simplifying 😊
Yeah but but you may need different policies for a set of vlans, you can actually create multiple zones referencing multiple vlans. The video is to give a concept that's why kept it simple. Obviously zones will be a better approach in the long term.
thank you, keep going on
Welcome, Yes sure will do 🙂
Superb explanation, thanks for sharing
You are welcome brother
cli login problem, root and eve is not working
I think recently they changed it to username eve & password eve aswell
@@doctor.networks after reinstalling 5-6 times its working now.
ACI is new modern network solution, please help do for more.
Yes bro working on 2 new videos on ACI
thanks for sharing this VDO, this is really helpful Thanks❤❤
You are welcome @netconfig999. Nice channel name by the way 😀
ACI EPG to DOMAIN ISSUE UPDATE ============================ The EPG was not binded to the Physical domain & yet the communication began to work because of a bug as mentioned in this Cisco Forum. In later releases it may be fixed. community.cisco.com/t5/application-centric-infrastructure/epg-without-a-physical-domain-association/td-p/4462831
Super ! 😀
Thank you! Cheers!
Hi bro, Would you recommend having a professional Eve community license. The purchase one as i see the free have bugs
Recently I haven't been using the Pro addition, but yes if you can buy it i would definitely recommend. It has other owsam features too
Great, diameter missing😢
Bro I don't think there is much use of it nowadays actually. You need to learn it for deployment or just for knowledge?
@@doctor.networks yes bro, At least in Latin America we still deploy 4G, Volte. Thanks for your answer 💪🏾
my question is why do you match interface gi0/1? why just match the ACL
Thanks. I am still on 29:30 and I saw your securecrt colors. How you have two color settings like blue for Home-RTR and white for commands?
Hi, It's actually via regular expressions & all devices get that color. Here is how you do it. Navigate to Session Options >> Appearance >> Highlight Keywords & then edit. Put in the following in the word section one by one & set the color as needed: [^#]+# [^>]+>
@@doctor.networks Thanks. I think I tried this before but doesnt work for me. I have some key highlight already set but will try again. What is your font and size? I
@@doctor.networks Now it works :)
Good stuff, thanks. Same situation, only ISPs (Gi1 and Gi2 in your diagram) are each in a different VRF - Internet1 and Internet2. I've tried the config you demonstrated but it doesn't work, presumably because of the VRFs. (Gi0 / Inside is GRT). When I use a basic NAT statement as in a single ISP (no route-map), it works, but of course I must change the nat manually or use EEM triggered by IP SLA tracked object. So, what am I missing? Will this even work with VRF's? I have seen similar NAT use cases where it simply won't work when overloading an interface, must be a different IP - is this one of those cases? TIA!
Hi Gary, interesting scenario. Now rather then asking you a bunch of questions, I would request if you could send the running config of your router to info@doctornetworks.net. I will be happy to assist (No charges).
@@doctor.networks Stay tuned - coming your way.