Tuesday, August 27, 2013

Avocent Cyclades for Terminal, access servers

After going through the surprisingly easy initial configuration of the Avocent Cyclades TS-3000 terminal server, I have to say: if you are still using a Cisco 2509 or 2511 for accessing your devices, you, one, likely overpaid for your access server, and two, are missing out on an insane number of features you could have. Add to that the fact that it's a 48-port device, and the value is through the roof.

I picked up two scratch-and-dent TS-3000s on eBay for around $40 apiece, roughly 1/2 to 1/3 what a Cisco 2509 generally goes for. The CLI-based initial config wizard to put it on my LAN was simple and took all of 5 minutes.

Because you use a serial rollover cable to connect to equipment, I can build my own custom cables for around $0.25 apiece.

The web-based config options are extensive, as are the security options.

All in all, a great device. There are a few people selling literally hundreds of them on eBay right now. I may pick up 5-10 for the racks I sell.







And with the TS-3000, I can go back to running PuTTY Manager. I was missing my tabs... (I think I'll likely be ponying up for a SecureCRT license, though.)






Monday, August 26, 2013

Junipers Router JWEB

Since I posted the Cisco GUI for the 3560, I thought, since the J2300 came in today, that I'd post a pic of the Jweb interface page on the Juniper. This is old as the hills, as this thing came with Junos 7.3, circa 2004.



It's pretty similar. One wonders why we don't use these more.

The rack is definitely looking more interesting, if not more useful.

The Cyclades Term server and the Adva Carrier Ethernet switch came in today as well. I haven't begun to sort out the Cyclades yet, which is Linux-based, and the Adva came with a DC power supply, so I'll have to wait for the AC P/S I ordered today to come, assuming it was the right one. There's not a lot of info on the ADVA site, and my login credentials to the Adva customer portal are at work.

I can already tell that the Adva SFPs are not going to be the killer; it's the Juniper SFPs on whatever EX switch I end up getting that are going to break the bank.

I'll say one thing, physically, everything about a Juniper or an Adva device appears to be of higher quality than on any Cisco device I've had. The Adva, made in Germany, is on a much higher plane of quality than the other two. Probably comparing apples and oranges, but just an observation. I've now worked with Cisco, Juniper, Alcatel, Marconi, Nortel, and Adva routing and switching gear, and the Adva stuff seems to be more like Nortel used to be, if anything, over-engineered.

The rack with its new additions.


I spent about an hour configuring the wrong T1 interface in the Juniper, thinking I had missed some crucial option in the T1-options, not realizing that T1-0/0/0 is actually T1-0/0/2, after the FE0/0/0 and FE0/0/1. Anyway, I'm pinging J2300 to 1841 on T1 interfaces for the first time.

To contrast the config differences:

J2300

    t1-0/0/2 {
        mtu 1504;
        clocking internal;
        encapsulation ppp;
        t1-options {
            timeslots 1-24;
            buildout 0-132;
            line-encoding b8zs;
            framing esf;
        }
        unit 0 {
            family inet {
                address 10.0.0.3/24;
            }
        }
    }

1841

interface Serial0/0/0
 ip address 10.0.0.1 255.255.255.0
 encapsulation ppp
 no fair-queue
 service-module t1 cablelength short 110ft
 service-module t1 timeslots 1-24




Sunday, August 25, 2013

Visual Switch Manager

While working some labs, I came across something I didn't really know existed. I probably should have, but just never really considered it.

Set a username and password, and voilà:


GUI for a 3560.

Who says Cisco isn't into SDN? lol.

Using the SmartPorts feature is interesting. Look at the config it performs when you select a role of router connection for port 0/1:


And then role Desktop/Phone:



And then the factory reset/reload autoconfig once I finished playing with it:


New equipment trickling in... and another Juniper acquisition

After selling 5 systems over about a week and a half, my entire CCNA rack was bare, and ALL of my access servers went to good Cisco studying homes, so I had to reload.

So I now have here, or on the way:

Cisco:

10 x 2960-TTL
2 x 2610xm 128/32
3 x 2611xm
3 x 2610 64/32
1 x 2620
1 x 2509rj access server

Term Servers:

2 x Avocent Cyclades TS-3000

Juniper:

J2300 Router
SRX 210b Service Access switch (a 3:30am ebay auction win for $200 !)

ADVA:

FSP-150CC - GE206V Carrier Ethernet Access switch

So my own study rack will be getting much more interesting and fiber based, in line with some coming changes at work in which my job will be becoming much more Juniper (and Cisco) based again soon.

I'm replacing the rental racks' access servers with the Avocent Cyclades TS-3000.




These support SSH, GUI-based management, and by-port authentication, which will result in a more seamless studying experience, allowing use of more effective tabbed terminal emulation, which the menu-based setup I had didn't really accomplish well. The fact that I picked up two of them for half the price of a single Cisco 2511 didn't hurt either. Hopefully they will work.

The start of the Juniper lab is exciting as well. I'll have to integrate it into the CCNP lab for now, with another SRX 210, and a couple EX2200 or 3200's still needed to build the stand-alone lab.


Tuesday, August 20, 2013

Changing direction a little bit

I still have one CCNA rack, and the CCNP R&S rack built, but I've started to make a few purchases to diversify training.

I picked up a Juniper 2300 rtr today, NIB for $100. Not even sure if that was a good deal or not. It appears to be.



Also picked up an ADVA FSP150CCF-GE206V, Carrier Ethernet Access switch.

FSP 150CC-GE206

The ADVA may only interest those that I work with in Carrier transport. I'm going to build a carrier access network with mixed Juniper and Adva to enhance my Ethernet skills; hopefully the SFP purchases won't break the bank.

I'll have a bid out shortly for a couple Juniper EX3200's as well. The SRX210's will probably have to wait a bit.

Saturday, August 17, 2013

Rental racks down for a bit... awaiting replacement modules

Out of the blue, Cert-racks.com started doing business, with a vengeance.

With probably 3 system sales processed, I'm waiting for replacement modules to get the racks back up, and for that matter, the scheduling software back up and running, as my free trial ran out as of yesterday.

Everything should be back going by the middle of the week.

Monday, August 12, 2013

Lab Racks

The CCNPorBust lab racks are down for maintenance for a day or so.

The ASA 5505 came in, so a bit of reconfiguration of both the CCNP and CCNA racks had to be done to get 1841's with particular specs into place where they need to be to run specific IOS.

Should be back up by Wednesday.

Then we will have the

CCNP R&S rack (for fee $3.50/7.5 hour block)

3 x 1841
2 x 3560
2 x 3550
2 x 1721 hosts
Menu'ed access server

CCNA R&S/Security rack (for fee $2.00/7.5 hour block)

ASA5505
3 x 1841
3 x 3550
2 x 2610 hosts
Menu'ed access server

CCNA R&S rack 2 (Free/7.5 hour block, but still have to schedule)

1 x 2651xm
2 x 2611
3 x 2950g with EI
1 x 2621xm with NM-4AS (Frame Relay switch)
Menu'ed access server

Topologies will be updated as well, and a page added for the free rack.



Thursday, August 8, 2013

Powering up Rack 2

When you go into a build like this, with the amount of devices I have available, one can lose track of the simplest thing that can keep you down...

Power cables, and outlet usage. I finally got in a bunch of power cables, attached to Cisco 17xx power supplies, to get the nearly 20 devices running in rack #2. So now the CCNA rack, which will house the CCNA R&S/Security module and the soon-to-be-free CCNA R&S modules, has enough juice.

The CCNA R&S/Security module is also entirely on Battery backup as well thanks to a 10 outlet APC BE750G, with 475watt capacity. The CCNA R&S/Security module uses about 275watts of that.


Monday, August 5, 2013

Adding back one free CCNA rack to the rack listings.

After getting a good deal on some routers/switches, I'm going to add back, for now, one relatively basic CCNA rack, with plans to eventually add another two, for a total of three basic CCNA racks (3 x 2950 switches, 3 x 1721 routers running 12.3 IOS) for free, and then the fee-based CCNA/CCNP R&S (security) rack, which should have an ASA5505 added in about a week, and the CCNP R&S rack. Eventually, there will be a CCNA voice rack added as well. The router I'll be using for that (a 2651xm) is already in the free rack until the 1721's get here.

There will be a paypal donation button for the free racks, and hopefully, I'll pick up enough goodwill to pay for the addition to the electric bill, and the extra $10/month to add more than 3 scheduling slots to the reservation taking software.

I didn't want this to be an entirely for-profit enterprise, so this will take care of that goal.

This will bring the grand total of devices in both racks to 27 now, and 39 once the 1721's arrive, and then probably 45ish once the CCNA voice equipment arrives.

Sunday, August 4, 2013

Adding TFTP, to the CCNA rack and ending of the Free Alpha test.

All good things must come to an end.

We've had around 10 people through the racks during the Alpha testing period, with positive reviews from those that left them.

I'll be opening a beta test now (we're going to call the free time the alpha) for payment acceptance, where the public will be paying my electrical bill for a while. (and maybe a Starbucks for me once a week ;-)

Fees for trying the equipment out will now be, for the next month, $3.50 for a 7.5 hour block on the CCNP rack, and $2.00 per 7.5 hour block on the CCNA rack. Every appointment will be a buy-one-get-one-free, so if you buy one now, you will get one free if you use it before September 6th. If you don't use it before then, you will still have a $3.50 or $2.00 credit towards a reservation after September 6th.

It will go up at the end of that month, to $7.50 and $5.00 per block respectively, but with additions to service level with an ASA5505 added to the CCNA rack and proper security IOS to the routers.


Thursday, August 1, 2013

Adding Security to the primary CCNA rack, and TACACS+

I sold a smattering of my 1841 stock, and with the proceeds will likely be adding an ASA5505 to the CCNA Rack 1 to facilitate its use for those pursuing CCNA security.

Also in the interest of learning more security, I'm building both Linux and Wintel TACACS+ servers.

I am really having to brush up on my poor Linux skills.

The Windows version can be found here:

http://www.tacacs.net/

Even the Windows version requires skills I didn't previously have. Working within an XML config file is not something I've had to do before. Make sure you adjust your permissions on the config file.

MS XML notepad can be found here:

http://www.microsoft.com/en-us/download/details.aspx?id=7973

And Linux:

ftp://ftp.shrubbery.net/pub/tac_plus

And a decent walkthrough here for the Linux install:

http://bejoybkn.blogspot.com/2011/07/network-monitoring-toolstacplusrancidsy.html

Watch out for the tcp_wrapper issue. The fix is listed in the comments. This is not recommended for someone with zero Linux experience, but if you are a wannabe network engineer you better get some. My working in the world of GUI-based transport EMS lets me get away with it, but I don't think anyone will be mistaking me for a network engineer yet, if ever.


Not necessarily the easiest thing in the world, but we're up and working, at least I think we are:

Help info:

  C:\Program Files (x86)\TACACS.net>tactest /?
<87> 2013-08-01 08:25:32 TACTest 1.2.2.0 (C) TACACS.net
A tool for testing TACACS+ server responses.
This host must be in the server's authorized client list to work.

Usage: tactest [options]

Options:
 -\?    Display help
 -s     ServerIP IP     (If this is not provided then 127.0.0.1 is used)
 -port  ServerIP Port   (If this is not provided then port 49 is used)
 -k     Shared Key      (If this is not provided then no encryption is used)
 -u     Username
 -p     Password
 -np    New Password    (used only for change password commands)
 -type  Authentication type. Can be ASCII or PAP, CHAP  Default is ASCII
 -en    This sends an enable command to the server
 -c     Send this many requests. Default is 1
 -m     Send repeatedly for this many seconds.
 -t     Send this many requests per second.
 -r     Retries
 -w     Wait time between retries in seconds.
 -f     Input file to be used.
 -pppid CHAP PPP Id to be be used. Default is 'A'
 -challenge     CHAP Challenge to be be used. Default is abcdef followed by 25 r
andom ascii characters
 -service       This is used to request authorization AV pairs from server
 -command       This is used to request authorization of a command from server
 -authen        This is used to send authentication commands to the server. This
 is the default command.
 -acct  The type of accounting command to send. Valid values are start, stop & w
atchdog
 -author        This is used to send authorization commands to server or to requ
est authorization AV pairs from the server

Input file can be used for commands e.g., tactest -f filename.txt
If input file is used then the 't' option must be specified at command line
e.g, tactest -f filename.txt -t 20

Authentication Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -c 20
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -t 20
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5
tactest -s 127.0.0.1 -k mykey -u myuser -p mypassword -m 5 -t 20

Accounting Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -acct start bytes_in=100 bytes_out=200
tactest -s 127.0.0.1 -k mykey -u myuser -acct stop bytes_in=400 bytes_out=300
tactest -s 127.0.0.1 -k mykey -u myuser -m 5 -acct stop bytes_in=400 bytes_out=300

Authorization Examples:
tactest -s 127.0.0.1 -k mykey -u myuser -author -service shell
tactest -s 127.0.0.1 -k mykey -u myuser -author -command configure terminal
tactest -s 127.0.0.1 -k mykey -u myuser -author -c 20 -command configure terminal

And TACTest output:


C:\Program Files (x86)\TACACS.net>tactest -k XXXXXXXX -u shawn -p cisco
<87> 2013-08-01 08:30:31 Performing LoginASCII with shawn,cisco,True
<87> 2013-08-01 08:30:31 Trying to open connection to 127.0.0.1:49
<87> 2013-08-01 08:30:31
Sending:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=1
IsEncrypted=True
IsSingleConnect=True
SessionID=xxxxxxxxx
DataLength=13
 **Authentication Start**:
Action=Login
Priv_Lvl=1
Type=Ascii
Service=Login
User=shawn
Port=
RemAddr=
Data=
<87> 2013-08-01 08:30:31
Received Header:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=2
IsEncrypted=True
IsSingleConnect=True
SessionID=xxxxxxxxx
DataLength=16
<87> 2013-08-01 08:30:31
Received Body:
 Authentication AuthReply:
Status=GetPass
Flags=No Echo
UserMsg=Password:
Data=
<87> 2013-08-01 08:30:31
Sending:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=3
IsEncrypted=True
IsSingleConnect=True
SessionID=xxxxxxxxxx
DataLength=10
 Authentication Continue:
Flags=None
UserMsg=*******[Hidden for security]
Data=
<87> 2013-08-01 08:30:31
Received Header:
 MajorVersion=12
MinorVersion=0
Type=Authentication
SeqNum=4
IsEncrypted=True
IsSingleConnect=True
SessionID=123691515
DataLength=45
<87> 2013-08-01 08:30:31
Received Body:
 Authentication AuthReply:
Status=Fail
Flags=Debug
UserMsg=User does not belong to specified group
Data=
<87> 2013-08-01 08:30:31 Command Pass status = False, Message=User does not belong to specified group,
<87> 2013-08-01 08:30:31
------------------
<87> 2013-08-01 08:30:31
SUMMARY STATISTICS
<87> 2013-08-01 08:30:31
------------------

Total Commands  .....................  1
Successes  ..........................  0
Failures  ...........................  1
No Results  .........................  0
Time Taken for commands  ............  0.745 secs
Avg Possible Transactions/Second  ...  1
Network Time per command  ...........  0.372 secs
Total Network time  .................  0.372 secs
<87> 2013-08-01 08:30:31 Sent Transactions/Second  ...........  1.3

C:\Program Files (x86)\TACACS.net>
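
The header fields TACTest prints above map onto the 12-byte TACACS+ packet header, and IsEncrypted=True refers to the MD5-based body obfuscation described in RFC 8907, which hides the body but carries no integrity check. The following is an added example, not part of the original post or of TACACS.net's code: it rebuilds the first Authentication Start packet from the log (user shawn, DataLength 13, the session ID 123691515 that appears later in the log) and parses it back. The shared key is a constructed placeholder, since the post redacts the real one.

```python
import hashlib
import struct

TYPES = {1: "Authentication", 2: "Authorization", 3: "Accounting"}
UNENCRYPTED_FLAG = 0x01     # TAC_PLUS_UNENCRYPTED_FLAG
SINGLE_CONNECT_FLAG = 0x04  # TAC_PLUS_SINGLE_CONNECT_FLAG

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain over session_id, key, version, seq_no; cut to body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each round appends the previous digest
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; calling it again reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, session_id, key, seq_no=1):
    """ASCII login START: action, priv_lvl, type, service, four lengths, user."""
    version = 0xC0  # major 12, minor 0, as in the log
    body = bytes([1, 1, 1, 1, len(user), 0, 0, 0]) + user
    header = struct.pack("!BBBBII", version, 1, seq_no,
                         SINGLE_CONNECT_FLAG, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)

def parse_packet(packet, key):
    """Decode the header into the names TACTest prints and recover the body."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ body")
    encrypted = not flags & UNENCRYPTED_FLAG
    if encrypted:
        body = obfuscate(body, session_id, key, version, seq_no)
    return {"MajorVersion": version >> 4, "MinorVersion": version & 0x0F,
            "Type": TYPES.get(ptype, "Unknown"), "SeqNum": seq_no,
            "IsEncrypted": encrypted,
            "IsSingleConnect": bool(flags & SINGLE_CONNECT_FLAG),
            "SessionID": session_id, "DataLength": length, "Body": body}

KEY = b"example-shared-key"  # constructed placeholder, not the redacted key
PACKET = build_authen_start(b"shawn", 123691515, KEY)
```

Parsing the same packet with a different key raises no error and simply returns different bytes, because the obfuscation layer has no way to tell a wrong key from a right one.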