G-Talk for Fedora

I love to do work in Fedora although i am not a Linux professional but i am trying for learning and working in it as i am Network Engineer by Profession, I was looking for gtalk for my fedora i consult my teacher Nayyar Ahmad (He is RHCE, http://nayyares.blogspot.com) so he advice me to download pidgen and use it if you don't have just click here pidgen and you can download it, for me it was so simple as in Fedora-11 it is there by default.

Now configuration of Pidgen comes in so again i found sir Nayyar Ahmad blog very useful so here you can find the detail information.

Cheers

OSPF over IPv6

Why we need IPv6? There were some limitation in IPv4 i.e. Major Limitation was address space shortage and Minor linitation was Packet fragmentation (The default size is 1500 bytes, if a packet size is more than 1500-bytes so the packet is fragmentaed and again the packets are reassembaled at the other side. So the first and short term solution was to slow down the consumption by using DCHP server, NAT etc and another to introduces new routed protocl (long term solution) to which they called Ipng (IP next generation) and later on after developing they called it IPv6. For example, In Japan IPv6 in almost fully implemented.
Now we can assign IPv6 address on routers, pc just like IPv4, and we can also run different routing protocol on this, in this blog I will talk about OSPF over IPv6.
We have two routers and configure IPv6 addresses as show under on both routers and also the detail configuration steps of assif-gning IPv6 addresses on routers.

Router_1 serial 0/1 2001:0:0:2::1/64
Router_1 Fastethernet 0/0 2001:0:0:1::1/64
Router_2 serial 0/1 2001:0:0:2::2/64
Router_2 Fastethernet 0/0 2001:0:0:3::1/64

First of all we have to enable IPv6 on routers as by default IPv4 is enable, so to enable IPv6 we have

Router_1 (config) # ipv6 unicast-routing

Now to assing address on each interace on Router_1, the detail steps are as folllow

Router_1 (config) # interface serial 0/0
Router_1 (config-if) # ipv6 address 2001:0:0:2::1/64
Router_1 (config-if) # no shutdown
Router_1 (config) # interface fastethernet 0/0
Router_1 (config-if) # ipv6 address 2001:0:0:1::1/64
Router_1 (config-if) # no shutdown

To assing address on each interace on Router_2, the detail steps are as folllow

Router_2 (config) # interface serial 0/0
Router_2 (config-if) # ipv6 address 2001:0:0:2::2/64
Router_2 (config-if) # no shutdown
Router_2 (config) # interface fastethernet 0/0
Router_2 (config-if) # ipv6 address 2001:0:0:3::1/64
Router_2 (config-if) # no shutdown

Now to see the routing table of Router_1, we have the command

Router_1 # show ipv6 route---------------------------output shown in the figure.

Now to run OSPF on both router to ping each other fastethernet IP as they are different network ID, so

Router_1 (config) # interface serial 0/1
Router_1 (config-if) # ipv6 ospf 1 area 0

Note ./.OSPF v3-4-NORTRID: OSPF v3 process 1 could not pick a router-id, please configure manually

So remember one thing that to configure ospf on IPv6 and there is no IPv4 on that router so it will not take router id bydefault so we have to configure router-id manually and that router-id will be 32-bit ipv4 formate ip. So to configure router-id manually we have

Router_1 (config) # ipv6 router ospf 1
Router_1 (config-rtr) # router-id 10.1.1.1

Router_1 (config) # interface serial 0/1
Router_1 (config-if) # ipv6 ospf 1 area 0
Router_1 (config) # interface fastethernet 0/0
Router_1 (config-if) # ipv6 ospf 1 area 0

Do the same configurations on Router_2 as we did above just with different router-id say 20.1.1.1 for Router_2. Now see the roputiong table of Router_1, so the Router_2 fastethernet route is learened via ospf, see the figure show by red boxes.

IPv6 is difficult to remember so there is a concept of Mapping, we can map an IP against a text, say in my case I have map the Router_2 fastethernet ip with name of “lhrip” see the command for it on the figure shown with green boxes.

Router_1 (config) # ipv6 host lhrip 2001:0:0:3::1
Router_1 (config) # ping lhrip

The output of the ping command can be seen from the figure, output is show and highlighted by green boxes.

I hope it will be informative for you.

Thank you for reading.

Network Administrator post in Sui Gas

Back in January 2009, one day i opened Sui Northern Gas web page and i saw "New Posts", i got happy and as i opened the link there they advertised some posts of Network Administrator, System Administrator, Engineers and some Management Staff on career basis, my interest was in "Network Administrator", so i applied for the post and submit all the relevant information. In march 2009 i received call from the head office that you have to appear for written test of Network Administrator conducted by NTS (National Testing Service) on Saturday, 4th April 2009, Test Time is 1:00 PM at ICMS Hayatabad. It was computer based test so we get the result at that time and i scored 61 marks in that test. Later on, In June 2009 i received an email from HR that you have to appeared for an interview on June 23, 2009. That was the happiest moment for me as i got a chance to prove my skills in front of them and will get this job INSHALLAH. Thee interview was in Head Office (Lahore, Pakistan) and its almost 500 km far from my home. on June 22nd night i was too excited about the interview and i was busy in preparing my self like collecting my all documents, degrees, certificates, also got with a suit and prepared my self to be there for interview. The interview timing were 09:00 am Sharpe (they have mention in the interview letter).

22nd June: In the morning when i get up......! opss i was not feeling well really as i feel vomiting, headache and also got problem in my stomach, anyway i prepared my self and went for my class (CCNP i am teaching from 10:00 to 12:00) and then i went for Bus and start my journey, on the way i did vomiting three times, felt so pain in my head and backbone but i said i will go and i reached Lahore at 11:00 pm in the night, i just took some water and green tea and went to bed for rest.

23rd June: In the morning the conditions were the same, but i took bath and took my documents and other stuff and went for interview when i reached office the time was 08:35 am and they told us to wait in the basement. we all guys (came for interview) were waiting there and at 09:30 a female and a male came with pen, stapler in hands and call one by one and checked their documents and send a group of around fifteen people to floor 5th for interview, It was 12:00 o'clock when our group turn comes, when my turn come they call my name

Person: SOHAIL
Me: Yes i am
Person: Please come
Me: ok

I entered the room and there were just three people in the panel, they said sit.

Question # 1: so sohail what are you doing?
Me: I am currently doing job, am working as a Instructor in NSIT and working in the same organization on contract basis.

Question # 2: When is your contract expires? (Ohhh Bullshit Question)
Me: In August 2009

Question # 3: Ok, how u relate your experience with this post?
Me: As i have done my Honour Graduation in Information Technology, have done with different international certifications like CCAN, CCNP, CCSP (SNPA), JNCIA-EX and also done with course work of MCSE, Orcale (DBA, 8i) and currently studying CCIE (Routing and Switiching) and in July i will get my two certification JNCIS and JNCIA-ER also and am working from last one and half year in the same field and as i am currently working in the same organization and so i am aware of the network etc.

Question # 4: what are the devices in Regional Office?
Me: Router 2600 series, switches 3550, 3560 etc.

They Said Thanks...........and i went out, now when i came out all the students were screaming and said is this is an interview, like in these two or three question how can they judge a student that whether he/she have sufficient knowledge or not, because from all students they ask just these two or three question, even not a single technical question although the job is pure technical.

One surprising thing is that in all areas like Engineering, Management etc they have call students who have marks more than 60, only in IT post they have call people who have scored till 50, because all those for which they have announce this post scored less that 60 marks, Thats what i think?.

In interview from Engineers they ask OK what do you think about Pakistan present situation, what do you think about the 20-20 cricket, do you watch etc.......They will select great Engineers.

And Pakistan says that we haver no Talent, we are backward country, if the case is like this they will be like this in future also.

Regards

Object ACL

There are many types of ACL (Access Control List) like Standard, Extended, Time-Based, Named-Based etc; here I will talk about Object Access Control List (OACL). Object ACL is used to create object of ACL like for thousand of ACL we can create one object and likewise we can have many objects and we can call all those object in one object (Just Like we do in programming). For example we have source01 (Nayyar, Ahmad, Superman) and source02 (Sohail, Akhtar, Mastermind) and we have source03 in which we call both these objects.

According to the topology we have an inside router on which security level is 100 and outside router on which security level is 0 because we have to keep security level high on our inside so that no one from outside can access (as traffic is not allowed by default from low security level to high security level) our router and in the way we have PixFirewall-515 to filter traffic, now make secondary interface on inside and outside router and assign IP address to it, so here we go:

Inside-Router (config) # interface fasethernet 0/0
Inside-Router (config-if) # ip address 192.168.1.3 255.255.255.0 secondary
Inside-Router (config-if) # ip address 192.168.1.4 255.255.255.0 secondary
Inside-Router (config-if) # ip address 192.168.1.5 255.255.255.0 secondary

Outside-Router (config) # interface fasethernet 0/0
Outside-Router (config-if) # ip address 10.1.1.3 255.0.0.0 secondary
Outside-Router (config-if) # ip address 10.1.1.4 255.0.0.0 secondary
Outside-Router (config-if) # ip address 10.1.1.5 255.0.0.0 secondary

Defining Objects-----------------------For Source

PixFirewall-515 (config) # object-group network s1
PixFirewall-515 (config) # network-object host 192.168.1.2
PixFirewall-515 (config) # network-object host 192.168.1.3

PixFirewall-515 (config) # object-group network s2
PixFirewall-515 (config) # network-object host 192.168.1.4
PixFirewall-515 (config) # network-object host 192.168.1.5

Now calling both objects within another object

PixFirewall-515 (config) # object-group network s3
PixFirewall-515 (config) # group s1
PixFirewall-515 (config) # group s2


Defining Objects-------------------For Destination

PixFirewall-515 (config) # object-group network D1
PixFirewall-515 (config) # network-object host 10.1.1.2
PixFirewall-515 (config) # network-object host 10.1.1.3

PixFirewall-515 (config) # object-group network D2
PixFirewall-515 (config) # network-object host 10.1.1.4
PixFirewall-515 (config) # network-object host 10.1.1.5

Access-List to all Objects:

PixFirewall-515 (config) # access-list 105 permit tcp object s1 object D1 eq 23
PixFirewall-515 (config) # access-list 105 permit tcp object s3 object D2 eq www

In the first ACL only members of object s1 is allowed while in second they have
allowed object s3 which itself calls both the s1 and s2 object.

Lest remove 192.168.1.2 from access-list like

PixFirewall-515 (config) # object-group network 1
PixFirewall-515 (config) # no network-object host 192.168.1.2

Now ping outside address using 192.168.1.2 as a source address so it will not ping because it is removed from the object, again add in the group and ping then it will work properly.

PixFirewall-515 (config) # object-group network 1
PixFirewall-515 (config) # network-object host 192.168.1.2

I hope it will be informative.
Cheers

STP v/s RSTP

Spanning Tree Protocol (STP) is used to avoid layer-2 loops or switching loops. Some of the terminologies used in spanning tree protocol are Root Bridge-RB (It is normally the powerful switch on the network means with high processor, high memory etc), Non-Root Bridge-NRB (switches other than root bridge are called NRB), Designated Port-DP (The port which transmit best BPDU and ports of root bridge are always designated port because it turns into forwarding state) and Root Port-RP (the port which receive best BPDU)both are also called Forwarding Ports, and Non-Designated-NDP Port also called Blocking Port. There election of RB and NRB is done on the basis of priority and MAC address collectively called Bridge ID. There are certain conditions for the election, i.e. One Root Bridge / Network, One Designated Port / Segment ( Root Bridge ID, Path Cost to the Root, Sender Bridge ID (SBID), Port ID (PID)), One Root Port / Non-Root Bridge( Path Cost to the Root, Sender Bridge ID (SBID), Port ID (PID)).

RSTP (Rapid Spanning Tree Protocol) on the other hand is an 802.1w IEEE standard and is backward compatible with 802.1D (STP) on per port basis. RSTP is fast from STP because here the convergence is done by each link or done on link by link basis. We have different Port States ( Discarding, Learning, Forwarding), Port Roles ( Root-Port, Designated , Backup, Alternate), Port Types( Edge Port, Non-Edge Ports) and Link Types ( Shared Links, Point-to-Point).
Now the question arises that whether to use STP or RSTP in our networks, so look at the following configurations and the output then we can conclude which to use and why?

STP Configuration

Its enable by default now look at the first figure that Fast Ethernet 0/2 on MLS 1 is down to see the result I am going to shutdown Fast Ethernet 0/3 and let’s see how much time Fast Ethernet 0/2 took to get up and see the packets that are dropped in the mean while. Look at the Figure A and see before and after shutting down the Fast Ethernet 0/3 and in the mean while the packets that are dropped are show by black circle and then communications starts so here communication is almost 97 Percent.

RSTP Configuration

Now to enable RSTP on all switches just we have to enter a single command. i.e.
MLS-0(config) # spanning-tree mode rapid-pvst
MLS-1(config) # spanning-tree mode rapid-pvst
MLS-2(config) # spanning-tree mode rapid-pvst

Now look at the second figure that Fast Ethernet 0/3 on MLS 1 is down, to see the result I am going to shutdown Fast Ethernet 0/2 and see how much time Fast Ethernet 0/3 took to get up and see now how much packets are dropped in the mean while. Look at the Figure A and see before and after shutting down the Fast Ethernet 0/2 and in the mean while the packets that are dropped are show by black circle and then communications starts so here communication is almost 99 Percent which is consider perfect as 1% is negligible.


Conclusion

So we came to conclusion that RSTP is better to implement on our network as we will not face data loss that we can face in STP.

Hope it will be informative for you. Thank You for Visiting.

Linux PC on Network

Back in 2008 when i was unable to bring my PC (Linux OS) on a network, i was thinking of how to connect it to the internet or bring on a network or how to install messenger or any other software because i was completely unaware of this as i am not a Linux guy as i am network guy but i am trying to for the learning of Linux, here are the few steps or few changes required in the files thne we can bring our pc on a network and can enjoy internet may be it will help some one who really don't know how to bring pc on network. There are certain file in which we have to make changes (for CLI users) like:
/etc/sysconfig/network
/etc/sysconfig/network-script/ifcfg-eth0
/etc/resolve.conf

Step # 1: vi /etc/sysconfig/network

In this file just define the gateway like
NETWORKING=yes
HOSTNAME=myserver.proxy
GATEWAY=192.168.1.1

Step # 2: vi /etc/sysconfig/network-script/ifcfg-eth0

In this file we just have to define our IP address
DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.255.255.255
HWADDR=00:1A:64:6D:3F:9C
IPADDR=10.x.x.x
NETMASK=255.0.0.0
NETWORK=10.0.0.0
ONBOOT=yes
TYPE=Ethernet
GATEWAY=192.168.1.2

Step # 3: vi /etc/resolve.conf

In this file you have to give your DNS and Preferred DNS ip address
nameserver 10.x.x.x
nameserver 10.x.x.x

Thos who want to make it graphically jsut with one command, just enter following command:

[root@myserver ~]# netconfig

you will be promting a window as you seen, If you are running DHCP server on you network then just check [*] USe Dynamic... here we go your system is now on a network. Yu can check by following command

[root@myserver ~]# ifconfig
eth0
HWaddr 00:10:C6:9F:42:62
inet addr:10.110.10.2
Bcast:10.255.255.255
Mask:255.0.0.0

Here we go, hopefully it will be informative.
Enjoy

Eclipse on Linux

To install eclipse on liux (or any other operating system) it will ask for java runtime so before installing Eclipse first we have to istall jre on Linux machine the detail steps are as follow.

To install jre on Linux (self-extracting) file Follow these instructions:
1. If you are login with another user (other than root), At the terminal, Type
su
2. Enter the root password.
3. Change path to the directory in which you want to install, like I install in /usr/java,
cd /usr/java/
To make the file executable change the permission by following command,
chmod a+x jre-6u-linux-i586.bin
4. Verify that you have permission to execute the file. Type
ls -l
see Figure "A"

5. To start the installation process Type,
./jre-6u-linux-i586.bin
this displays a binary license agreement. Go through the agreement. Press the spacebar to display the next page. At the end, enter yes to proceed with the installation. see Figure "B"

6. Java is installed into its own directory. In this case, it have installed in the /usr/java/jre-6u14-linux-i586 directory. When the installation has completed, you will see the word Done. see figure "C"

7. Java is installed in jre-6u14-linux-i586 sub-directory under the current directory. In this case, Java is installed in the /usr/java/jre-6u14-linux-i586 directory. Verify that the jre-6u14-linux-i586 sub-directory is listed under the current directory. Type:
ls see Figure "D"
The installation is now complete.

To install the Linux RPM (self-extracting) file Follow these instructions:
1. Change to the directory in which you want to install. I have installed in /usr/java/ directory,
cd /usr/java
Change the permission of the file you downloaded to be executable. Type:
chmod a+x jre-6u14-linux-i586-rpm.bin

2. Start the installation process. Type:
./ jre-6u14-linux-i586-rpm.bin
This displays a binary license agreement. Read through the agreement. Press the spacebar to display the next page. At the end, enter yes to proceed with the installation.

3. The installation file creates jre-6u14-linux-i586-rpm file in the current directory. see figure "E".

4. Run the RPM command at the terminal to install the packages for confirmation sometime it will display you a message “already installed”.
rpm -iv jre-6u14-linux-i586-rpm

5. Java is installed in jre-6u14-linux-i586-rpm sub-directory under the current directory. In this case, Java is installed in the /usr/java/jre-6u14-linux-i586-rpm directory. Verify that the jre-6u14-linux-i586-rpm sub-directory is listed under the current directory. Type:
ls see Figure "F".
The installation is now complete. The version number can be different depends on the version number you have downloaded.

Enable and Configure
Mozilla 1.4 and later
1. Go to the plugins sub-directory under the Mozilla installation directory
cd usr/lib/Mozilla-1.4/plugins
2. In the current directory, create a symbolic link to Java ns7/libjavaplugin_oji.so file Type:
ln -s /plugin/i386/ns7/libjavaplugin_oji.so
Example:
o If Mozilla is installed in this directory:
/usr/lib/mozilla-1.4/
o and if the Java is installed at this directory:
/usr/java/jre 6u14
o Then type at the terminal to go to the browser plug-in directory:
cd /usr/lib/mozilla-1.4/plugins
o Enter the following command to create a symbolic link to the Java Plug-in for the Mozilla browser.
ln -s /usr/java/jre 6u14/plugin/i386/ns7
/libjavaplugin_oji.so.
3. Start Mozilla browser or restart it if it is already running. Note that if you have other Mozilla components (ie: Messenger, Composer, etc) running, you will need to restart them as well.
4. Go to Edit > Preferences. Under Advanced category > Select Enable Java

Eclipse Installation
1. First step is to direct the path where we want to install the application like in my case i have install in
cd /usr/eclipse
2. Second step is to decompree and then extract the data so one command for both is
tar zxvf eclipse-jee-ganymede-SR2-linux-gtk.tar
3. Now its ready to use just go to that directory where you have install like i have done
cd /usr/eclipse/eclipse
and then enter now enter the following command
./eclipse

Trunk Port in Depth

Trunk port is a port which carries multiple VLAN information (traffic). Two types of encapsulation are available i.e. ISL and Dot1q. On certain switches only Dot1q is available it depends on which series of switch are you using. There is difference between these two some of the features are:
ISL: It’s a Proprietary Protocol and frame is encapsulated (double Tagging) with a total size of 30 bytes (26 Bytes Header and 4-bytes Tail) and is done on the whole frame, it’s a protocol independent means frame is encapsulated and have no concern with internal data and support PVST (per VLAN spanning Tree) and have no use in VoIP environment. 10 bits is kept reserved so we can create VLAN up to 1024 and we can configure from 2 to 1001 as VLAN 1 and VLAN 2-5 are reserved.
DOT1Q: It’s a non-proprietary protocol and a small tagged is attached to a side of frame of size 4-bytes. It’s a protocol dependent and has support for VoIP and there is three bits space reserved for PRI (priority) used to give preference to whom and not to who called dot1p acts as a class of service. 12 bits are kept reserved so the range of VLAN goes up to 4096. DOT1Q also support Native VLAN (Native VLAN is untagged VLAN means if there is any traffic comes from switch-A which is untagged so it will be received by VLAN on the other side which is declared as a Native VLAN and it is recommended that keep same VLAN as a Native on both side.

Negotiation: If there are two switches with both the encapsulation available on both side so the negotiation will be done on ISL and Trunk port will be established, if there is ISL and DOT1Q on one side and ISL only on the other side so negotiation will be done using DOT1Q and Trunk Port will be established.
Now to start with the Lab makes sure that the switches are Zero Meter and for that enter the following command:

Switch-A # show vtp status
VTP Version : 2
Configuration Revision : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x77 0xA2 0x57 0xB9 0xDB 0x6E 0xC4 0x8C
If you can see the revision number it is 5, so to bring the switch to zero meters we have to delete all VLAN but remember by deleting VLAN the revision number will still 5 as there is a Database maintaining with the name of “VLAN.dat” so we have to delete that also.

Switch-A # delete flash: vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [Confirm]

Switch-A # write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

Switch-A # show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Server
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x77 0xA2 0x57 0xB9 0xDB 0x6E 0xC4 0x8C

Repeate all these commands on both switches and then give the following command.

Switch-A # show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 desirable 802.1q trunking 1
Fa0/3 desirable 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-1005
Fa0/2 1-1005
Fa0/3 1-1005

Port Vlans allowed and active in management domain
Fa0/1 1,1002,1003,1004,1005
Fa0/2 1,1002,1003,1004,1005
Fa0/3 1,1002,1003,1004,1005

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,1002,1003,1004,1005
Fa0/2 1,1002,1003,1004,1005
Fa0/3 1,1002,1003,1004,1005

If you notice the mode which is desirable, we can have three conditions for the trunk port i.e. The mode can be desirable desirable, desirable auto and auto auto. so Trunk prot will be established between desirable desirable and desirbale auto while no trunk port between auto auto because when port is in auto mode so it waits for the DTP to recieve so both ports will be waiting for the DTP and no trunk port will be established. In the above case all states are desirable, lets see all three cases.
To change the mode give the following command.

switch-A(config) # interface fastethernet 0/2
switch-A(config-if) # switchport mode dynamic auto

switch-A # show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 auto 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-1005
Fa0/2 1-1005
Fa0/3 1-1005

Port Vlans allowed and active in management domain
Fa0/1 1,1002,1003,1004,1005
Fa0/2 1,1002,1003,1004,1005
Fa0/3 1,1002,1003,1004,1005

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,1002,1003,1004,1005
Fa0/2 1,1002,1003,1004,1005
Fa0/3 1,1002,1003,1004,1005

Now you can see that when we made the state auto for 0/3 interfae on both side so no trunk link is established. The method shown above is the dynamic method.

The Static method for trunk port is to shutdown the DTP packet first, lets try for the 0/3 interface. The correct sequence is as follow:

switch-A (config) # interface fastethernet 0/3
switch-A (config) # shutdown
switch-A (config) # switchport nonegotiate
switch-A (config) # switchport mode trunk
switch-A (config) # no shutdown

Now give the command as follow to see the result

switch-A # show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 desirable 802.1q trunking 1
Fa0/2 auto 802.1q trunking 1
Fa0/3 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-1005
Fa0/2 1-1005
Fa0/3 1-1005

Port Vlans allowed and active in management domain
Fa0/1 1,1002,1003,1004,1005
Fa0/2 1,1002,1003,1004,1005
Fa0/3 1,1002,1003,1004,1005

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,1002,1003,1004,1005
Fa0/2 1,1002,1003,1004,1005
Fa0/3 1,1002,1003,1004,1005

If you can see the above output so the 0/3 shows state is ON means that trunk port is configured manually.

This is just a window to the trunk port configurations.

Hope it will be informative for you.