Saturday, November 16, 2013

Cisco's Archive command

I have mentioned this before, but actually got to setting it up on my study rack today finally.

Because I have quite a bit of equipment now, mixed Junos and Cisco, it's helpful to keep an archive of saved configs as I study.

There are several references I used for this:

from Cisco

https://learningnetwork.cisco.com/blogs/vip-perspectives/2013/10/30/understanding-cisco-auto-archive-feature-to-backup-configuration-file

And Daniel Patrick's RouterWrangler.com Blog:

http://www.routerwrangler.com/

It's a simple config:

archive
  path tftp://192.168.1.131/$h

The $h is a variable that will save the config with a name including the current hostname:



This pic is an example of one config saved without the $h variable, and one with.

This is basic setup. There are other options that you can set for the naming, and scheduled archiving.
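As an added example, not the post's own config, here is the same archive stanza with the naming and scheduling options the post alludes to. The TFTP address is the one from the post; the timestamp naming, the interval and the change logging are my choices.

```cisco
! Added example, not the post's config. Extends the two-line archive
! stanza above: $t adds a timestamp to $h so successive archives get
! unique names instead of overwriting each other on the TFTP server.
archive
 path tftp://192.168.1.131/$h-$t
 ! archive a copy every time "write memory" / "copy run start" is issued
 write-memory
 ! and on a timer regardless: every 1440 minutes (once a day)
 time-period 1440
 ! config-change logging (which user typed what, from where), with
 ! passwords and keys masked in the logged lines, copied to syslog
 log config
  logging enable
  hidekeys
  notify syslog
```

"show archive" lists the saved copies and "show archive log config all" shows the change log; since a tftp:// path carries the full config, secrets included, over an unauthenticated protocol, an ftp:// path with credentials or a local flash: path is the usual choice outside a lab.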





Monday, November 11, 2013

Saturday, November 9, 2013

MPLS VPN OSPF BGP configuration practice

With my work being mostly based in MPLS, but from a mainly GUI use standpoint, I'm trying to gain a better overall understanding of MPLS configuration.

I don't have the Alcatel Gear to play with here, nor CLI config rights yet at work, so I'm working with the next best thing, practicing on what I do have, Cisco Gear.

I'm using Levent Okvur's walkthrough on YouTube:



So here is the simple MPLS setup I'm using:



Three 1841's, one as Provider Core, and two as Provider edge devices.
Four 1720's as the CE devices.

Config on one of the PE routers:
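The PE config in the post is a screenshot. As an added example, not the post's own config, here is what an IOS PE of this shape looks like (one P-facing link, one OSPF CE, MP-BGP to the other PE); every address, name and AS number is assumed.

```cisco
! Added example, not the post's screenshot: one PE router in the
! three-router (P + 2 PE) MPLS core, with a CE attached via OSPF.
! All addresses, VRF/hostnames and the AS number are assumed.
hostname PE1
!
ip cef
mpls label protocol ldp
! stable LDP router-id, so label bindings survive link flaps
mpls ldp router-id Loopback0 force
!
! VPN routing table for one customer, identified by RD/RT
ip vrf CUSTA
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
!
! loopback used as LDP router-id and BGP update-source
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! core-facing link towards P: IGP plus MPLS label switching
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 mpls ip
!
! customer-facing link, placed inside the VRF
interface FastEthernet0/1
 ip vrf forwarding CUSTA
 ip address 192.168.1.1 255.255.255.252
!
! global IGP for the core only (loopbacks and core links)
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
!
! PE-CE routing: a separate OSPF process inside the VRF, into which
! the VPN routes learned from the far PE are redistributed
router ospf 100 vrf CUSTA
 redistribute bgp 65000 subnets
 network 192.168.1.0 0.0.0.3 area 0
!
! MP-BGP to the other PE, carrying VPNv4 routes with extended communities
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUSTA
  redistribute ospf 100 vrf CUSTA
 exit-address-family
```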

Saturday, November 2, 2013

Added more Racks for Sale on EBAY.

Need to generate some income to pick up another SRX and probably another EX2200.

From Cheapo 1720/2950 racks for just over $100 to a Rack mounted, 5 device setup with a Custom menu Access server for $599.00.

Check out the racks and Buy...Buy...Buy !!!

http://www.ebay.com/itm/251362609974?ssPageName=STRK:MESELX:IT&_trksid=p3984.m1555.l2649




Sunday, October 20, 2013

Need another SRX

Looks like the EX2200s don't have the layer 3 capabilities I'd need to set them up with provider bridging functions. I wasn't sure, but now I know.

So... I'll be needing to pick up another SRX sooner rather than later, as the SRX does have them.

Need to be able to run this configuration to emulate the MX commands:


user@beb1> show configuration routing-instances
routing-instances {
    pbn-1-for-eline {
        instance-type virtual-switch;
        interface ge-2/0/0.1;
        interface pip0.0;
        bridge-domains {
            bd1 {
                vlan-id 10;
            }
            eline-svlans {
                vlan-id-list [ 2100 ];
            }
        }
        pbb-options {
            peer-instance pbbn-1;
        }
        service-groups {
            eline1 {
                service-type eline;
                pbb-service-options {
                    isid 10100 interface ge-2/0/0.1;
                }
            }
        }
    }
}

Thursday, October 17, 2013

Carrier Ethernet topology a bit more set



Gotta luv local liquidation companies...

The Haul yesterday:

2651xm
2621
2950g EI
Dell powerconnect 3024 (new in box)
Cyberpower 1350 AVR UPS

All for cheap...


With the Cyberpower setup protecting my main PC (Core i5 680, Nvidia GTX560Ti), the network rack PC (Core2Duo 2.4 GHz, Nvidia 7950GT), three 23" monitors, and a few peripherals, it's running 235 watts, or 29% of the Cyberpower's capacity.

I have always wanted one with an LCD displaying output. Not bad for $21.00. I think they run $150.00 new. We'll see how long the batteries last. They are charging to 80% and, at 235 watt output, are showing 12 minutes of up time.

Even if it dies, used UPSes are almost always a good deal, as you can run down to a battery store and pick up new replacements for around $40.00, or even cheaper online. For $60.00, I could essentially have a new $150.00 UPS.

Sunday, October 13, 2013

First week of Introduction to Python Programming complete

The assignment submission familiarization week is over, and we get on to our first real project:

Rock, Paper, Scissors:

In our first mini-project, we will build a Python function rpsls(name) that takes as input the string name, which is one of "rock", "paper", "scissors", "lizard", or "Spock". The function then simulates playing a round of Rock-paper-scissors-lizard-Spock by generating its own random choice from these alternatives and then determining the winner using a simple rule that we will next describe.
While Rock-paper-scissors-lizard-Spock has a set of ten rules that logically determine who wins a round of RPSLS, coding up these rules would require a large number (5x5=25) of if/elif/else clauses in your mini-project code. A simpler method for determining the winner is to assign each of the five choices a number:
  • 0 — rock
  • 1 — Spock
  • 2 — paper
  • 3 — lizard
  • 4 — scissors

Copyright: Joe Warren, John Greiner, Stephen Wong, Scott Rixner, all rights reserved.



SFP interchangeability

Well, the ADVA 850 nm SFPs that apparently weren't compatible with the Cisco 3560

DO WORK in a Juniper EX2200. This is a HUGE savings, as I picked up 6 ADVA SFPs for $35.00, and the cheapest Juniper-compatible SFPs I could find were $45.00 a piece.


root@Juniper# run show chassis pic pic-slot 1 fpc-slot 0
FPC slot 0, PIC slot 1 information:
  Type                             4x GE SFP
  State                            Online
  Uptime                         44 minutes, 19 seconds
PIC port information:
                          Fiber                    Xcvr vendor
  Port  Cable type        type  Xcvr vendor        part number       Wavelength
  3     GIGE 1000SX       MM    FINISAR CORP.      FTLF8519P2BNL-AD  850 nm

Obviously, ADVA branded, but actually, a Finisar product...

root@Juniper# run show interfaces diagnostics optics ge-0/1/3
Physical interface: ge-0/1/3
    Laser bias current                        :  6.844 mA
    Laser output power                        :  0.3450 mW / -4.62 dBm
    Module temperature                        :  35 degrees C / 95 degrees F
    Module voltage                            :  3.2430 V
    Receiver signal average optical power     :  0.3637 mW / -4.39 dBm


EX2200 password recovery

Enter configuration mode in the CLI:
user@switch> cli
Set the root password. For example:
user@switch# set system root-authentication plain-text-password


Whoops... Anyway, it's here, and you may need to have a (free) Juniper account set up to get to it. I have a J-TAC account due to work.


http://kb.juniper.net/InfoCenter/index?page=content&id=KB14102&actp=RSS&smlogin=true



Gist of it is, you power the device on and hit the spacebar when you get this prompt:

Hit [Enter] to boot immediately, or space bar for command prompt.

Then, once it gets to the loader> prompt, you type boot -s, which starts it in single-user mode.

Then, you will get this prompt:

Enter full path name of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

Then, in my case, it went to a normal, non-configure prompt, where I moved to configure mode and set a new plain-text root password:

user@switch# set system root-authentication plain-text-password

Then, obviously, commit and reboot.

Saturday, October 12, 2013

EX2200 in the rack...

Came last night, but I had to get caught up in my Python class. Still need to password-restore it.


Pics or it didn't happen...


Wednesday, October 9, 2013

Carrier Ethernet topology

This is the topology I'll be working with for now. (well, once the EX2200 arrives and the SFP's)



Pressure to complete the CCNP off, back to Python

Having moved into an Engineer position, and with work requirements making Juniper and some Layer 2 technologies more important for the time being, I'm going to back off the CCNP for a bit and focus more on my overall network engineering knowledge and education.

That said, I'm going to give a non-shameless plug again to www.coursera.org

I am starting the Rice University "An Introduction to Interactive Programming in Python" again.

right Heah...

https://class.coursera.org/interactivepython-003/auth/auth_redirector?type=login&subtype=normal



Class started Oct 6th, but I believe they may still be taking sign-ups.

One can now pay $49.99 and get a certificate from Rice University stating that you have taken the course.

I believe I could likely have it paid from our training fund at work, so I may do that.




Tuesday, October 8, 2013

Juniper EX2200 on the way

Barring any of the occasional EBay/Paypal issues, I should have an EX2200 added to the Carrier Ethernet rack within the week possibly. Surely by next week.

I have the devices partially set up now, and am working on an E-line configuration through the SRX210 from the ADVA 825.

Once the EX2200 comes in it will be run (Rack Server)HOST A -(1gig copper)- ADVA825 -(1gig copper)- SRX210 (1gig copper)- EX2200 -(1 gig MM fiber)- ADVA 206v -(1gig fiber)- HOST B(Cisco 3560)

Monday, September 30, 2013

Juniper SRX210 configuration for JNCIA-SP study

Since, out of the box, the SRX210 is for all intents and purposes a firewall, some adjustments have to be made to make it work for service provider study. Bear with me, I'm in a bit over my head still and clawing my way out.

This came from Jeremy Merideth's blog, which he doesn't appear to be maintaining currently, but there's great info in here, and thanks to him. How to get an SRX out of the default Juniper config:

http://runningsecure.blogspot.com/2011/06/screenos-background.html


SRX Default Config


For the purpose of this blog I will be configuring an SRX100.
When either taking an SRX out of the box or entering the following commands, you will get the Juniper default configuration.

root@host# load factory-default
root@host# set system root-authentication plain-text-password
root@host# commit and-quit
root@host> request system reboot

Personally I prefer to work from a blank canvas, so the following commands remove all Juniper-applied config, add a few tweaks and give us a starting point to build up our configurations.

Remove the interface Ethernet Switching
root@host# delete interfaces fe-0/0/1 unit 0 family ethernet-switching
"Repeat for interfaces range 1-7"
root@host# delete interfaces vlan unit 0 family inet address 192.168.1.1/24
root@host# delete interfaces vlan unit 0 family inet

Remove the fe-0/0/0.0 interface from Security Zone
root@host# delete security zones security-zone untrust interfaces fe-0/0/0.0

Remove the Zone Interfaces and Policies
root@host# delete security zones security-zone trust host-inbound-traffic
root@host# delete security zones security-zone trust interfaces vlan.0

Remove Default Policies
root@host# delete security policies from-zone trust to-zone untrust

Remove Default Web Management
root@host# delete system services web-management http interface vlan.0
root@host# delete system services web-management https interface vlan.0

Remove NAT rule
root@host# delete security nat source rule-set trust-to-untrust

Remove Screening on Untrust Zone
root@host# delete security zones security-zone untrust screen

Remove Existing Name Servers and add Google ones
root@host# delete system name-server 208.67.222.222
root@host# delete system name-server 208.67.220.220
root@host# set system name-server 8.8.8.8
root@host# set system name-server 8.8.4.4
root@host# delete system services dhcp

Remove Default Security Zones
root@host# delete security zones security-zone untrust
root@host# delete security zones security-zone trust

root# run show configuration | display set
set version 11.1R2.3
set system root-authentication encrypted-password "$1$sF9Tjm/m$zu6xvdjAUIqeeHSP69Vfm0"
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http
set system services web-management https system-generated-certificate
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0
set interfaces fe-0/0/1 unit 0
set interfaces fe-0/0/2 unit 0
set interfaces fe-0/0/3 unit 0
set interfaces fe-0/0/4 unit 0
set interfaces fe-0/0/5 unit 0
set interfaces fe-0/0/6 unit 0
set interfaces fe-0/0/7 unit 0
set interfaces vlan unit 0
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security policies
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0

And then how to set it up to more closely emulate an MX series SP switch from the Juniper Forums:


Cleaned up the rack some, and added some cable management. The second ADVA (GE206V) is just waiting for some MM fiber jumpers to arrive (quite literally, possibly, on a slow boat from China).

Need to sell a couple more racks and I'll have enough to pull the trigger on a Juniper EX2200 to more fully simulate the types of circuits we'll be performing break/fix on.



Sunday, September 29, 2013

New tabs for CCNP, JUNOS, and MEF-CECP(Metro/Carrier Ethernet)

So I cleaned up the pages some, and going forward will be tagging posts so they will be easy to pull up by hitting the menu button at the top of the blog for whatever you want to look at.

Juniper Blog ?

With the new position I'm starting, I'm probably going to need to delve MUCH more into JUNOS, so I'm wondering if I should just add a separate page to this blog (or find a more logical way to separate the posts within this one) or start a new one.

For that matter, I might want to start a separate Carrier Ethernet page or Blog.

I'll sit and think on it for a bit. I don't know that I'll have time to be posting to multiple separate blogs, especially when the racing blog starts up in earnest next year again with what will, hopefully, be a pretty interesting F-prepared BMW Z3 build from a stripped shell.

Dunno, I'll think about it while I'm setting up the Carrier Ethernet simulation network with the Junipers and ADVA's.



Friday, September 27, 2013

Well, I guess I'm an "Engineer" now...

My start date is today for my new position as "Engineer, Network Operation Center"

Some companies might call us Tier 3, and I'll be off the phones for the most part, unless it is an engineer-to-engineer conference requiring more advanced troubleshooting. Going on salary as well. Not sure how I feel about that. I'll have to see how they handle that.

Our Commercial NOC is growing from 40+ analysts, to upwards of 120, including the 12 engineers, that I am one of.

It's been a great experience coming from climbing poles, and outside plant to the logical side. I look forward to new and greater challenges.

Sunday, September 22, 2013

Home Network Baller Status ?

Is home network "Baller" status achieved when your home router becomes a Juniper SRX210 ?
Sold the ADSL PIM out of it for $100, making it a net $285.00 purchase, which is a pretty good deal for one of the SRX210 high-memory versions.

Racks in, Racks out. I was getting a bit worried, but it appears that the U.S. must have a large percentage of people on the same payday weeks. About exactly 2 weeks from the last time I cleaned out my stocks, I'm almost cleaned out again.

Sold 5 systems over the last few days. Configuring what I have left to be a pretty nice rack for the Labkeeper.net/Packetlife.net Beta.

Upgraded a few of the XM routers I have left to be able to run 12.4T, IPv6, and advanced security features like zone-based firewalls. 192/48 is required.


A few 2651xm routers with old boot ROMs


Now with upgraded boot ROM allowing 256 MB of NVRAM

Monday, September 16, 2013

Rack Cam back running

Rack cam as living proof that I am, in fact, still studying for my CCNP. Big changes coming at work, and I might actually need it now.

Working HSRP labs tonight. If you watch the switches, you might even see ports changing status...

But if you are watching my switches to see if they change status, you probably need some help...and not the lab rack kind.

;-)

Thursday, September 12, 2013

Carrier Ethernet rack coming along... Working on Radius Authentication to become a part of Packetlife.net's LabKeeper.net beta testing.

Picked up my second ADVA to almost complete my Carrier Ethernet NID acquisitions. I'll probably try to pick up a Cisco ME3400 as well, but those end up costing nearly as much as the Junipers do.

I should be able to do some simulations and practice what we preach at work soon.

The one on top is an FSPCCf-825 with 4 x 10/100 copper access ports, 1 x gig copper access port, 1 x gig fiber access port, and two copper and two fiber network ports.

The one on the bottom is an FSP 150CC ge-206 and is all fiber with six access and two network ports.

ADVA's are made in Germany, and the quality shows.
Working hard on CCNP switch study to hopefully test for SWITCH by the end of the month.

I'm working on getting at least one lab live on the labkeeper.net system that Packetlife.net Author, Jeremy Stretch has put together. It's an amazing bit of work he's done, and should allow us to get racks out to people to use much easier. Might kill my business, but I was never really in this to make a killing, just help pay for my own racks. Hopefully, soon, I'll be a busy network engineer and have no time for the business anyway.



Monday, September 9, 2013

CCNA rack try-b4-u-buy are back available... Donations would be wonderfulness !!!

As it says, the rack in the previous post is available to schedule for Try-b4-u-Buy.

See the Rack schedule page, or the CCNA topology page for scheduling button. It's blocked out until mid-day tomorrow as I have to make changes to the topology to fit the new rack config.

I'm probably going to limit this to one scheduling per day and see how it goes. If it gets out of hand, and it appears that someone is attempting to re-sell time, I'll discontinue it and/or only give access to people through eBay contact.



Sunday, September 8, 2013

Cable building day... and New racks for sale

I tend to dread these days.

I don't know if it's flashbacks to my BICSI commercial cabling days, or if I'm just lazy, but I hate building cables.

With the selling of my semi-custom CCNA and CCNP racks, I have to build quite a few of them, especially when I use 2509/11 RJ access servers.

These ones do end up pretty aesthetically pleasing though. I don't think anyone is selling racks this complete on Ebay.




Sunday, September 1, 2013

Putty Manager+Avocent Access server = Heaven in studying...

Don't forget to configure keepalives or you'll lose your sessions every time the window times out. I'm trying every 15 seconds, and will see if there is any kind of issue.




Cable pinout for Terminal Servers, NM modules, etc.

I've been meaning to make this post for a while, and as I'm building roll-over cables for the Avocent TS-3000, I thought it would be a good time to get most of the cable pinouts for custom cables all into one place for myself and others.

If you are using other types of modules in CCNP and up, it's my estimation that you are probably spending too much $$$. I've been getting 56k modules nearly free, and WIC-T1s for as low as $3.50 a piece. In comparison, it's difficult to get a WIC-1T for less than $10.00, and then you have to spend another $10.00 for one cable. I can build much more easily managed cabling for T1 modules for around $0.25 per cable.



Here is Cisco's PDF:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.10/installation/guide/Pinouts.pdf

My nothing fancy guide




Terminal server roll-over cable:



signal   pin       signal
RTS      1 - 8     RTS
DTR      2 - 7     DTR
TXD      3 - 6     TXD
GND      4 - 5     GND
GND      5 - 4     GND
RXD      6 - 3     RXD
DSR      7 - 2     DCD
CTS      8 - 1     CTS

T-1 cross-over cable for back to back connection:
Typical T1 configuration:

ip address 10.1.12.2 255.255.255.0
no fair-queue
no dce-terminal-timing-enable
service-module t1 clock source internal
service-module t1 timeslots 1-24

Other side the same, except a different IP, of course, and:

service-module t1 clock source line



56k 4 wire cross-over for back to back connection:
56k 4 wire back-to-back typical config:


special considerations:



ip address 192.168.1.1 255.255.255.0
service-module 56k clock source internal
service-module 56k network-type dds

Other side:


ip address 192.168.1.2 255.255.255.0
service-module 56k clock source line
service-module 56k network-type dds



Avocent Cyclades to ADVA rj45-rj45



This one took me longer to wrap my head around while learning more about digital signalling.

I had these to work with:



Cyclades RJ45 to DCE DB-25 pinouts
And the ADVA documentation for the RJ45 to DB-9 pinout.


Once I figured out that the Cyclades to DCE was more or less straight through, it made sense.


This resulted in my T568B end on the Cyclades to the ADVA end:

1 wht/org - pin 8 (RTS - RTS)
2 org     - pin 3 (DTR - DTR)
3 wht/grn - pin 6 (TxD - TxD)
4 blu     - pin 4 (GND - GND)
5 wht/blu - pin 7 (CTS - CTS)
6 grn     - pin 5 (RxD - RxD)
7 wht/brn - pin 1 (DCD - DCD, not used)
8 brn     - pin 2 (DSR - DSR)

I'll add more as I use them.
Tuesday, August 27, 2013

Avocent Cyclades for Terminal, access servers

After going through the surprisingly easy initial configuration of the Avocent Cyclades TS-3000 terminal server, I have to say, if you are still using a Cisco 2509 or 2511 for accessing your devices, you have, one, likely overpaid for your access server, and two, missed out on an insane number of features you could have had. Add to that the fact that it's a 48 port device, and the value is through the roof.

I picked up two scratch-and-dent TS-3000s on Ebay for around $40 a piece, roughly 1/2 to 1/3 of what a Cisco 2509 generally goes for. The CLI-based initial config wizard to put it on my LAN was simple and took all of 5 minutes.

Because you use a serial rollover cable to connect to equipment, I can build my own custom cables for around $0.25 a piece.

The web-based config options are extensive, as are the security options.

All in all, a great device. There are a few people selling literally hundreds of them on Ebay right now. I may pick up 5-10 for the racks I sell.

And with the TS-3000, I can go back to running Putty Manager. I was missing my tabs... (I think I'll likely be ponying up for a SecureCRT license, though.)

Monday, August 26, 2013

Juniper Router J-Web

Since I posted the Cisco GUI for the 3560, I thought, since the J2300 came in today, that I'd post a pic of the J-Web interface page on the Juniper. This is old as the hills, as this thing came with Junos 7.3, circa 2004.



It's pretty similar. One wonders why we don't use these more.

The rack is definitely looking more interesting, if not more useful.

The Cyclades term server and the Adva Carrier Ethernet switch came in today as well. I haven't begun to sort out the Cyclades yet, which is Linux based, and the Adva came with a DC power supply, so I'll have to wait for the AC P/S I ordered today to come, assuming it was the right one. There's not a lot of info on the ADVA site, and my login credentials for the Adva customer portal are at work.

I can already tell that the Adva SFP's are not going to be the killer, but it's going to be the Juniper SFP's on whatever EX switch I end up getting that is going to break the bank.

I'll say one thing, physically, everything about a Juniper or an Adva device appears to be of higher quality than on any Cisco device I've had. The Adva, made in Germany, is on a much higher plane of quality than the other two. Probably comparing apples and oranges, but just an observation. I've now worked with Cisco, Juniper, Alcatel, Marconi, Nortel, and Adva routing and switching gear, and the Adva stuff seems to be more like Nortel used to be, if anything, over-engineered.

The rack with its new additions.


I spent about an hour configuring the wrong T1 interface in the Juniper, thinking I had missed some crucial option in the T1 options, not realizing that T1-0/0/0 is actually T1-0/0/2, after FE0/0/0 and FE0/0/1. Anyway, I'm pinging J2300 to 1841 on T1 interfaces for the first time.

To contrast the config differences:

J2300

    t1-0/0/2 {
        mtu 1504;
        clocking internal;
        encapsulation ppp;
        t1-options {
            timeslots 1-24;
            buildout 0-132;
            line-encoding b8zs;
            framing esf;
        }
        unit 0 {
            family inet {
                address 10.0.0.3/24;
            }
        }
    }

1841

interface Serial0/0/0
 ip address 10.0.0.1 255.255.255.0
 encapsulation ppp
 no fair-queue
 service-module t1 cablelength short 110ft
 service-module t1 timeslots 1-24
Sunday, August 25, 2013

Visual Switch Manager

While working some labs, I came across something I didn't really know existed. I probably should have, but just never really considered it.

Set a username and password, and voila:


GUI for a 3560.

Who says Cisco isn't into SDN. lol.

Using the SmartPorts feature is interesting. Look at the config it performs when you select a role of router connection for port 0/1:


And then role Desktop/Phone:



And then the factory reset/reload autoconfig once I finished playing with it:


New equipment trickling in... and another Juniper acquisition

After selling 5 systems over about a week and a half, my entire CCNA rack was bare and ALL of my access servers went to good Cisco-studying homes, so I had to reload.

So I now have here, or on the way:

Cisco:

10 x 2960-TTL
2 x 2610xm 128/32
3 x 2611xm
3 x 2610 64/32
1 x 2620
1 x 2509rj access server

Term Servers:

2 x Avocent Cyclades TS-3000

Juniper:

J2300 Router
SRX 210b Service Access switch (a 3:30am ebay auction win for $200 !)

ADVA:

FSP-150CC - GE206V Carrier Ethernet Access switch

So my own study rack will be getting much more interesting and fiber based, in line with some coming changes at work in which my job will become much more Juniper (and Cisco) based again soon.

I'm replacing the rental racks' access servers with the Avocent Cyclades TS-3000.
These support SSH, GUI-based management, and per-port authentication, which will result in a more seamless studying experience, allowing use of more effective tabbed terminal emulation, which the menu-based setup I had didn't really accomplish well. The fact that I picked up two of them for half the price of a single Cisco 2511 didn't hurt either. Hopefully they will work.

The start of the Juniper lab is exciting as well. I'll have to integrate it into the CCNP lab for now, with another SRX 210 and a couple of EX2200s or 3200s still needed to build the stand-alone lab.


Tuesday, August 20, 2013

Changing direction a little bit

I still have one CCNA rack, and the CCNP R&S rack built, but I've started to make a few purchases to diversify training.

I picked up a Juniper 2300 rtr today, NIB for $100. Not even sure if that was a good deal or not. It appears to be.



Also picked up an ADVA FSP150CCF-GE206V Carrier Ethernet access switch.

FSP 150CC-GE206

The ADVA may only interest those that I work with in carrier transport. I'm going to build a carrier access network with mixed Juniper and Adva to enhance my Ethernet skills; hopefully the SFP purchases won't break the bank.

I'll have a bid out shortly for a couple of Juniper EX3200s as well. The SRX210s will probably have to wait a bit.

Saturday, August 17, 2013

Rental racks down for a bit... awaiting replacement modules

Out of the blue, Cert-racks.com started doing business, with a vengeance.

With probably 3 system sales processed, I'm waiting for replacement modules to get the racks back up, and for that matter, the scheduling software back up and running, as my free trial ran out as of yesterday.

Everything should be back going by the middle of the week.

Monday, August 12, 2013

Lab Racks

The CCNPorBust lab racks are down for maintenance for a day or so.

The ASA 5505 came in, so a bit of reconfiguration of both the CCNP and CCNA racks had to be done to get 1841's with particular specs into place where they need to be to run specific IOS.

Should be back up by Wednesday.

Then we will have the

CCNP R&S rack (for fee $3.50/7.5 hour block)

3 x 1841
2 x 3560
2 x 3550
2 x 1721 hosts
Menu'ed access server

CCNA R&S/Security rack (for fee $2.00/7.5 hour block)

ASA5505
3 x 1841
3 x 3550
2 x 2610 hosts
Menu'ed access server

CCNA R&S rack 2 (Free/7.5 hour block, but still have to schedule)

1 x 2651xm
2 x 2611
3 x 2950g with EI
1 x 2621xm with NM-4AS (Frame Relay switch)
Menu'ed access server

Topologies will be updated as well, and a page added for the free rack.



Thursday, August 8, 2013

Powering up Rack 2

When you go into a build like this, with the number of devices I have available, one can lose track of the simplest thing that can keep you down...

Power cables and outlet usage. I finally got in a bunch of power cables, attached to Cisco 17xx power supplies, to get the nearly 20 devices running in rack #2. So now the CCNA rack, which will house the CCNA R&S/Security module and the soon-to-be-free CCNA R&S modules, has enough juice.

The CCNA R&S/Security module is also entirely on battery backup, thanks to a 10-outlet APC BE750G with 475 watt capacity. The CCNA R&S/Security module uses about 275 watts of that.


Monday, August 5, 2013

Adding back one free CCNA rack to the rack listings.

After getting a good deal on some routers/switches, I'm going to add back, for now, one relatively basic CCNA rack, with plans to eventually add another two, for a total of three basic CCNA racks(3 x 2950 switches, 3 x 1721 routers running 12.3 IOS) for free, and then the fee-based CCNA/CCNP R&S(security) rack which should have an ASA5505 added in about a week, and the CCNP R&S rack. Eventually, there will be a CCNA voice rack added as well. The router I'll be using for that is already in the free rack until the 1721's get here. (a 2651xm)

There will be a paypal donation button for the free racks, and hopefully, I'll pick up enough goodwill to pay for the addition to the electric bill, and the extra $10/month to add more than 3 scheduling slots to the reservation taking software.

I didn't want this to be an entirely for-profit enterprise, so this will take care of that goal.

This will bring the grand total of devices in both racks to 27 now, and 39 once the 1721's arrive, and then probably 45ish once the CCNA voice equipment arrives.

Sunday, August 4, 2013

Adding TFTP, to the CCNA rack and ending of the Free Alpha test.

All good things must come to an end.

We've had around 10 people through the racks during the Alpha testing period, with positive reviews from those that left them.

I'll be opening a beta test now (we're going to call the free time the alpha) for payment acceptance, where the public will be paying my electrical bill for awhile. (and maybe a starbucks for me once a week ;-)

Fees for trying the equipment out will now be for the next month, $3.50 for a 7.5 hour block on the CCNP rack, and $2.00 per 7.5 hour block on the CCNA rack. Every appointment will be a buy-on-get-one-free, so if you buy one now, you will get one free if you use it before September 6th. If you don't use it before then, then you will still have a $3.50 or $2.00 credit towards a reservation after September 6th.

It will go up at the end of that month, to $7.50 and $5.00 per block respectively, but with additions to the service level: an ASA5505 added to the CCNA rack and proper security IOS on the routers.


Thursday, August 1, 2013

Adding Security to the primary CCNA rack, and TACACS+

I sold a smattering of my 1841 stock, and with the proceeds will likely be adding an ASA5505 to CCNA Rack 1 to facilitate its use for those pursuing CCNA Security.

Also, in the interest of learning more security, I'm building both Linux and Wintel TACACS+ servers.

I am really having to brush up on my poor Linux skills.

The Windows version can be found here:

http://www.tacacs.net/

Even the Windows version requires skills I didn't previously have. Working within an XML config file is not something I've had to do before. Make sure you adjust your permissions on the config file.

MS XML notepad can be found here:

http://www.microsoft.com/en-us/download/details.aspx?id=7973

And Linux:

ftp://ftp.shrubbery.net/pub/tac_plus

And a decent walkthrough here for the Linux install:

http://bejoybkn.blogspot.com/2011/07/network-monitoring-toolstacplusrancidsy.html

Watch out for the tcp_wrapper issue. The fix is listed in the comments. This is not recommended for someone with zero Linux experience, but if you are a wannabe network engineer, you had better get some. My working in the world of GUI-based transport EMS lets me get away with it, but I don't think anyone will be mistaking me for a network engineer yet, if ever.


Not necessarily the easiest thing in the world, but we're up and working, at least I think we are:

Help info:

C:\Program Files (x86)\TACACS.net>tactest /?
<87> 2013-08-01 08:25:32 TACTest 1.2.2.0 (C) TACACS.net
A tool for testing TACACS+ server responses.
This host must be in the server's authorized client list to work.

Usage: tactest [options]

Options:
 -\?    Display help
 -s     ServerIP IP     (If this is not provided then 127.0.0.1 is used)
 -port  ServerIP Port   (If this is not provided then port 49 is used)
 -k     Shared Key      (If this is not provided then no encryption is used)
 -u     Username
 -p     Password
 -np    New Password    (used only for change password commands)
 -type  Authentication type. Can be ASCII or PAP, CHAP  Default is ASCII
 -en    This sends an enable command to the server
 -c     Send this many requests. Default is 1
 -m     Send repeatedly for this many seconds.
 -t     Send this many requests per second.
 -r     Retries
 -w     Wait time between retries in seconds.
 -f     Input file to be used.
 -pppid CHAP PPP Id to be be used. Default is 'A'
 -challenge     CHAP Challenge to be be used. Default is abcdef followed by 25 random ascii characters
 -service       This is used to request authorization AV pairs from server
 -command       This is used to request authorization of a command from server
 -authen        This is used to send authentication commands to the server. This is the default command.
 -acct  The type of accounting command to send. Valid values are start, stop & watchdog
 -author        This is used to send authorization commands to server or to request authorization AV pairs from the server

Input file can be used for commands e.g., tactest -f filename.txt
If input file is used then the 't' option must be specified at command line
e.g, tactest -f filename.txt -t 20

Authentication Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -c 20
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -t 20
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5 -t 20

Accounting Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -acct start bytes_in=100 bytes_out=200
tactest -s 127.0.0.1 -k mykey -u myuser -acct stop bytes_in=400 bytes_out=300
tactest -s 127.0.0.1 -k mykey -u myuser -m 5 -acct stop bytes_in=400 bytes_out=300

Authorization Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -author -service shell
tactest -s 127.0.0.1 -k mykey -u myuser -author -command configure terminal
tactest -s 127.0.0.1 -k mykey -u myuser -author -c 20 -command configure terminal

And TACTest output:


C:\Program Files (x86)\TACACS.net>tactest -k XXXXXXXX -u shawn -p cisco
<87> 2013-08-01 08:30:31 Performing LoginASCII with shawn,cisco,True
<87> 2013-08-01 08:30:31 Trying to open connection to 127.0.0.1:49
<87> 2013-08-01 08:30:31
Sending:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=1
IsEncrypted=True
IsSingleConnect=True
SessionID=xxxxxxxxx
DataLength=13
 **Authentication Start**:
Action=Login
Priv_Lvl=1
Type=Ascii
Service=Login
User=shawn
Port=
RemAddr=
Data=
<87> 2013-08-01 08:30:31
Received Header:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=2
IsEncrypted=True
IsSingleConnect=True
SessionID=xxxxxxxxx
DataLength=16
<87> 2013-08-01 08:30:31
Received Body:
 Authentication AuthReply:
Status=GetPass
Flags=No Echo
UserMsg=Password:
Data=
<87> 2013-08-01 08:30:31
Sending:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=3
IsEncrypted=True
IsSingleConnect=True
SessionID=xxxxxxxxxx
DataLength=10
 Authentication Continue:
Flags=None
UserMsg=*******[Hidden for security]
Data=
<87> 2013-08-01 08:30:31
Received Header:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=4
IsEncrypted=True
IsSingleConnect=True
SessionID=123691515
DataLength=45
<87> 2013-08-01 08:30:31
Received Body:
 Authentication AuthReply:
Status=Fail
Flags=Debug
UserMsg=User does not belong to specified group
Data=
<87> 2013-08-01 08:30:31 Command Pass status = False, Message=User does not belong to specified group,
<87> 2013-08-01 08:30:31
------------------
<87> 2013-08-01 08:30:31
SUMMARY STATISTICS
<87> 2013-08-01 08:30:31
------------------

Total Commands  .....................  1
Successes  ..........................  0
Failures  ...........................  1
No Results  .........................  0
Time Taken for commands  ............  0.745 secs
Avg Possible Transactions/Second  ...  1
Network Time per command  ...........  0.372 secs
Total Network time  .................  0.372 secs
<87> 2013-08-01 08:30:31 Sent Transactions/Second  ...........  1.3

C:\Program Files (x86)\TACACS.net>
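The TACTest output above is a normal TACACS+ authentication dialogue: an Authentication Start, a GetPass reply, a Continue carrying the password, and a final reply (here a Fail from the server's group check). The Python below is an added example, not code from this post or from TACACS.net: it builds and decodes those packets per RFC 8907 (the same wire format the 2013 draft uses), reproduces the DataLength values in the capture (13, 16, 10, 45), and shows that the tool's "IsEncrypted=True" only means the body was XORed with an MD5 keystream derived from the shared key, not encrypted in any modern sense. The shared key "mykey" and the 10-byte "Password: " prompt (with trailing space, which gives the 16-byte body shown) are assumptions; the real key is masked in the capture.

```python
import hashlib
import struct

# Wire constants from RFC 8907 (the same format the 2013 draft and tactest use).
VERSION = 0xC0                       # major 12, minor 0 -> "MajorVersion=12 MinorVersion=0"
TAC_PLUS_AUTHEN = 0x01               # Type=Authentication
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04  # IsSingleConnect=True; bit 0x01 (UNENCRYPTED) stays clear
STATUS = {1: "Pass", 2: "Fail", 3: "GetData", 4: "GetUser", 5: "GetPass"}

def pseudo_pad(session_id, key, seq_no, length):
    """MD5 keystream of RFC 8907 section 4.5; XOR with it is obfuscation, not encryption."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key + bytes([VERSION, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, seq_no):  # XOR is its own inverse: hides and reveals
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(session_id, key, seq_no, len(body))))

def authen_start(user, priv_lvl=1, port="", rem_addr="", data=b""):
    """Action=Login(1), Type=Ascii(1), Service=Login(1): the body tactest sends first."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    return struct.pack("!8B", 1, priv_lvl, 1, 1, len(u), len(p), len(r), len(data)) + u + p + r + data

def authen_continue(user_msg, data=b"", flags=0):  # client answer to a GetPass/GetUser prompt
    m = user_msg.encode()
    return struct.pack("!HHB", len(m), len(data), flags) + m + data

def authen_reply(status, server_msg, data=b"", flags=0):
    """Server AuthReply body: status, flags, server_msg_len, data_len, server_msg, data."""
    m = server_msg.encode()
    return struct.pack("!BBHH", status, flags, len(m), len(data)) + m + data

def build_packet(body, session_id, seq_no, key):
    """12-byte header (version, type, seq_no, flags, session_id, length) plus obfuscated body."""
    hdr = struct.pack("!BBBBII", VERSION, TAC_PLUS_AUTHEN, seq_no,
                      TAC_PLUS_SINGLE_CONNECT_FLAG, session_id, len(body))
    return hdr + obfuscate(body, session_id, key, seq_no)

def parse_reply(packet, key):
    """Decode a server AuthReply the way tactest prints it (SeqNum, DataLength, Status, UserMsg)."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = obfuscate(packet[12:12 + length], session_id, key, seq_no)
    status, rflags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if (version != VERSION or ptype != TAC_PLUS_AUTHEN or len(packet) != 12 + length
            or 6 + msg_len + data_len != length):
        raise ValueError("malformed AuthReply, or body decoded with the wrong shared key")
    return {"seq_no": seq_no, "length": length, "status": STATUS.get(status, status),
            "server_msg": body[6:6 + msg_len].decode()}
```

A client and server with mismatched keys decode each other's bodies into garbage, so parse_reply raises on the inconsistent lengths; that is the symptom to look for when a freshly built TACACS+ server answers with nonsense rather than a clean Fail like the one above.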






Wednesday, July 31, 2013

Erasing partitions from flash when upgrading physical flash

This is something I hadn't come up against before, and thankfully, it's pretty easy.

If you are upgrading flash from one stick to two, you may be pulling one stick from another device. When you do this, there will likely be a partition left on it. Here's how to wipe it so the device will see the slots as contiguous flash.

(copied from here: http://www.dslreports.com/faq/8683 )

HOST1#erase flash

It will ask you which partition to erase. Erase the one WITHOUT the IOS on it, usually it's number 2. Repeat that for all the partitions except the one with the IOS on it.

HOST1#conf t
HOST1(config)#no partition flash
HOST1(config)#exit
HOST1#sh version

Verify the partitions are erased.

HOST1#reload

You should see your contiguous flash memory total.



Sunday, July 28, 2013

Some CCNA rack and setup redesign

From some great feedback this morning from a user, the CCNA topology has been labelled, and the configurations on the CCNA rack have been wiped so that you all have to make the configurations. The fall back configs are listed on the topology page.

It is your sandbox now.

Also aligning with his suggestion, and something I was planning on doing eventually as well, the Time Slots as of Thursday, will be changing to 12 noon - 11am the following day.

That's not going to work. I'm going to set up 3 booking slots of 7 1/2 hours each. I'll just block out which slots I need for maintenance as I go for now. People can book multiple slots. I'll have it discounted in price so that a 24-hour block is still $10.00: $5.00 for the first block, and then $2.50 for each additional slot in a single day. I'm hoping the software will allow me to do this. Maybe another update to this: Bookeo has no way to apply automatic discounts.

That's not going to work either. The booking software isn't really set up for something like this, so it doesn't have the ability to book across days. Looks like an 8-hour block will end up $7.50 for the CCNP rack, and $5.00 for the CCNA. I'll revisit the discounting later. This will start Thursday. 7.5-hour blocks will start Thursday; the free beta still runs until Mon, Aug 5th, at least. If I'm not satisfied with how it's running, it may go longer.

Eventually, when I go to two or three timeslots per day, per rack the time slots will probably be 12 noon-7pm, and 8pm to 3am, and if a third slot is added, and it may be for weekends, then 4am until 11am.

With the two slots, starting when they do, it will give me a bit of a maintenance window from 3 am until noon, until everything is more automated, and set in stone.

This is a learning process, so I appreciate anyone's patience.




Friday, July 26, 2013

Current Lab topos

I've added pages which link to the current topology on each of my rack setups.

They are at the top of the page...  ;-P

With this blog format, I can't make them much more prominent, but I probably don't need to.

Thursday, July 25, 2013

RackCam up and running

Got a lot done this morning.


Try-B4-U-Buy CCNP rack is in a fairly final config, with TFTP access now to save switch configs.

RackCam is up and running. If you refresh the page, you'll get a live pic. Not the most exciting thing in the world, I know.

I'll probably build an MRTG config for the cam port to see the difference in bandwidth between video and images.

Things that geeks do...

Monday, July 22, 2013

Dell Poweredge 2850

I know, I know, what would I actually use it for...

I picked up this locally, just because every IT geek needs to own one for a day.

They just get your geek juices flowing.

They ARE just as loud as everyone says they are, and do consume quite a bit of juice.

With no OS installed or disk array, it was humming along at 215 watts. I'll probably part it out on eBay.

The price was right to check it out at $16.39. Hopefully I can get that back for the fiber channel cards, which was the only reason I picked it up.




Network Monitoring - MRTG PRTG

Trying both MRTG and PRTG for network monitoring.

I've used MRTG quite a bit in the past (we now use Nagios, SevOne and Splunk), so I have that set up first.

Installation was pretty easy: download and install ActiveState Perl and MRTG, build your cfg files, and set it to run as a daemon.



Playing around with PRTG now. Much more involved "sales" process, and although I think they thought they were dumbing it down, it's actually more of a hassle to setup.