Tracing Cables with CDP

Information Technology has become such an important part of our lives that not a single facet of life has been left untouched by it. The field is so vast and deep that it is not possible for one person to know everything. Every specialty requires a specialist, and sometimes a single person is expected to know more than one specialty. There are programmers, networkers, database admins, network and information security officers, voice admins, etc. who manage their respective domains. There is a segment which is often ignored and assigned to people who are reluctant to take the responsibility or to unskilled staff. This segment is cable management.

Why Traceroute drops packet at Last Hop?

In our work environment we are always surrounded by people who are either smarter than us or act smarter than us. If we are surrounded by people who are smarter than us, the advantage is that we will learn a lot from them, provided they are the good ones who happily share knowledge. If they are unwilling to share knowledge, their presence or absence doesn’t make a difference. If we are surrounded by people who just act smart rather than are smart, we must be very careful, as the knowledge they share might not always be right: they just want to show that they know when they do not. This can be very bad because if you learn all the wrong things at the learning stage, your foundation will be built on wrong information. The best thing anyone who does not know a certain thing can do is just say that he doesn’t know, so that we can search for the right reason. The best thing about knowledge is that it is no one’s property. Whoever desires to acquire knowledge can easily do it.

Build your own Cisco Terminal Server with Raspberry Pi

I have been working in computer networking for more than 8 years now and the biggest fear I still harbor is losing access to a router through misconfiguration. During my first stint with Service Provider networks, losing access to a router or switch would mean running to the Data Centre, taking console to the router and reverting the changes, because we didn’t have console servers in our Data Centre. Our Data Centre was just across from the NOC so it would take less than a minute to reach the equipment. During my second stint, the Data Centre was the largest in India and going to the Data Centre would take a minimum of 15 minutes from the NOC. Although we had a management network connecting all networked equipment, this did not help when a router or switch was malfunctioning and the only option left was taking console. My third stint with a Service Provider network had no option of running to the router, as many of the PoPs were international. A few of the larger PoPs had Terminal Servers but not all had them. A question would run through anyone’s mind as to why someone would not provision a console server on a remote site. The primary reason is the cost. The second reason is that it does not make business sense to have a console server for a couple of routers.

QOS with GNS3 and Virtualbox

With the addition of Virtualbox to GNS3, you can do all sorts of simulations (except full switching) involving routers, firewalls, servers (windows or linux), applications, etc. It used to bother me a lot to run a network topology and rely on ping and tftp as test traffic for QOS. Now you do not have to rely on boring traffic to test QOS. You can use actual user traffic and classify and mark it on your routers to give it preferential treatment. You can set bandwidth caps on certain protocols, you can prioritise certain protocols, you can remark certain protocols, etc. The options for QOS testing are limited by your imagination.

In this blog, we will cover basic user traffic like web, FTP and Windows sharing, and classify and mark it for QOS treatment. We will rate limit some, prioritise some and remark some on our network and see the effects at the destination end. We can also use the relevant show commands to verify proper operation.

Cisco AAA and how to get Locked Out

Cisco AAA is a very important security tool for restricting access to your network equipment to only those who are network administrators. It is an important topic for the CCIE Lab and in real life as well. The problem with network security is that sometimes, due to human error, the network gets so secured that even the network administrator cannot get access to the equipment. Such a mistake is very easy to make because not many people know what exactly goes on after enabling AAA. In this blog, we will look into ways of enabling AAA and possible ways to get out of a lockout if there was a proper exit strategy.

Multicasting with GNS3 and Virtualbox

There were many times during my CCIE Lab preparation that I wanted to have an actual multicast server to lab up multicasting, but I had always been left with ping to test and troubleshoot multicasting. There were 2 problems with it. The first is that it is a dull and boring multicast source which can be easily switched from one router to the other, which, if you think about it, is not a good thing because multicast sources are servers which remain steady in one place. When you shift your multicast source, clarity is lost about where the source is and where the destinations could be. The second is that a receiver is simulated using an IGMP join group, which again is a simulation and not an actual receiver. It could be useful in testing but is not perfect. With the release of GNS3 with Virtualbox, we can simulate the whole Internet over it, if we wished (and obviously if we had the resources for it). By using GNS3 and Virtualbox, we are going to send multicast traffic from a multicast source to any multicast receiver who intends to listen to it. In this blog, we will see how to send and receive actual multicast traffic through a routed network. I could have just put a multicast source and receiver on the same router to show that multicasting works on GNS3 and Virtualbox, but it wouldn’t help any of us gain knowledge. So I decided to run multicasting on a 6 Router topology so that we could run multicast routing, PIM sparse mode and maybe look into some issues which multicasting can give us.

Say No to Cisco passwords

Folks from the networking industry might be well aware of the limitations of Cisco passwords generally called Type 7 passwords. What “service password-encryption” (the command that turns a clear-text password into a Type 7 password) does is garble the password so that people who glance over your shoulder will not be able to make out the password. These passwords are also vulnerable if you store your configurations at a not-so-secure location or if you share your configuration with others for troubleshooting. The reason why many people are deceived by it is possibly because it says service password “encryption”. Anyone in IT knows that you encrypt data so that it is close to impossible to decrypt it except by the one for whom the data is meant. The other reason why people still use it is because they don’t care much about security and assume that nobody is malicious. Your equipment holds the passwords of every admin, which can easily be compromised, but nobody cares. There are software tools which decode these passwords. There are even several websites which decrypt such passwords. The worst part of the tale is that you can use the router itself to decrypt it.