GNS3v1.1 ASA up and running in 2 minutes

Hello guys!

Here is my second post in the GNS3v1.1 series: getting an ASA up and running in less than 2 minutes. Enjoy, and as always any comments or questions are welcome.

Edit–>Preferences–>Qemu–>New–> Select Name: <Name>, Type: ASA 8.4(2) –> Qemu Library: qemu-system-i386w.exe and leave RAM at the default.

Now select the Initial RAM disk and the kernel image.

Note that you need two kinds of images to get an ASA running in GNS3: one has a name ending in “initrd.gz” and the other is the actual kernel image. (If you spend 10 minutes on Google it’s not that hard to find those files :P)

And here you go, my ASA is up and running! Make sure to activate the license, and again Google is your friend 🙂

ciscoasa# sh ver | i up

Config file at boot was “startup-config”

ciscoasa up 35 secs

GNS3v1.1 IOS router running in a minute!

Hey everyone,

As you all know, GNS3 has recently released a stable version of their brand new software. I’m planning to post a series of posts on getting an IOS router, an ASA and other cool stuff like a Citrix NetScaler load balancer up and running. So this is my first post in the series, and it’s very simple: getting an IOS router up and running in GNS3.

1. Install the latest GNS3 software (register yourself and get a free copy).

2. Navigate via Edit–>Preferences–>Dynamips–>IOS Routers–>New–><Default settings>

And it’s done, it is that simple! See below: I was able to log in to my IOS router.
R1#sh ver | i up
Technical Support: http://www.cisco.com/techsupport
R1 uptime is 4 minutes
R1#

New Job New Goals :)

Hello Friends! It’s been a very long time since I’ve posted anything here. I was kind of busy these last 3 months, but I’m committed to posting at least once a week.

As you can see from the post title, I got a new job as a Network Engineer at Verizon and now I have the chance to explore a lot of different technologies.

I’m planning to prepare for the CCSA (Check Point Certified Security Administrator), hoping to sharpen my skills in Check Point technologies, so you can expect my follow-up posts to be more on Check Point for some time.

CCNP RS Version 2

New CCNP R&S!!

From Daniel’s networking blog:

I woke up to the news that CCNP RS Version 2 is now live. As usual, there is no reason to panic. If you have been studying for the old version, nothing has been wasted. OSPF is still OSPF, EIGRP is still EIGRP. The new exams are:

Implementing Cisco IP Routing (300-101)
Implementing Cisco IP Switched Networks (300-115)
Troubleshooting and Maintaining Cisco IP Networks (300-135)

The last day to take the old exams will be January 29, 2015.

The good news with the new blueprint is that Cisco is doing what they have been for a while now, producing more detailed blueprints on what to study. There is also a weighting included, which shows how much weight each section holds of the entire exam.

Implementing Cisco IP Routing (300-101)

This is the new version of the ROUTE exam. The old version was 642-902. The new blueprint is here.

The routing…

Nortel/Avaya’s MLT, DMLT, IST, SMLT, SLT & RSMLT

I am attempting to give a high-level overview of Nortel/Avaya link aggregation techniques, several of which are proprietary protocols, for someone who is new to Nortel/Avaya.

MultiLink Trunking (MLT):

MultiLink Trunking (MLT) is a point-to-point connection that aggregates multiple ports so that they logically act like a single port with the aggregated bandwidth. It’s a link aggregation protocol similar to IEEE LACP or Cisco’s EtherChannel.

Grouping multiple ports into a logical link provides higher aggregate bandwidth for switch-to-switch or switch-to-server connections.

Distributed MultiLink Trunking (DMLT):

MLT provides module redundancy via Distributed MultiLink Trunking (DMLT).

DMLT allows you to aggregate similar ports from different modules. Nortel recommends always using DMLT when possible.

To include ports as trunk group members of an MLT, you must statically configure the ports.

Split MultiLink Trunking (SMLT):

SMLT is a Nortel/Avaya proprietary form of link aggregation that provides a way to combine two switches into one logical device for L2 networking. SMLT connects a MultiLink Trunking (MLT) switch to a pair of SMLT switches. This is similar to Cisco’s virtual Port Channel (vPC).

In SMLT, two core switches are connected by an Inter-Switch Trunk (IST). The two core switches use the IST to share L2 learned information, so they appear as one. The designated IST “control” VLAN implements a specialized control protocol that encapsulates the update in IP so that forwarding databases (FDB) in both switches are synchronized.

SMLT eliminates the need for the Spanning Tree protocol and its complexity.

Single Link Trunking (SLT):

SLT is a port-based option of SMLT where only one port from each core switch is used in the SMLT. The only difference between SMLT and SLT is that in SLT only a single port from each core switch participates in the aggregation.

SLT is best suited for large-scale deployments of edge switches from a single switch cluster.

Routed Split MultiLink Trunking (RSMLT):

SMLT is a way to ensure that traffic gets across a VLAN by providing redundant switches and redundant links, whereas RSMLT ensures traffic can be routed off the VLAN by adding router redundancy. RSMLT is similar to VRRP and provides the same services as VRRP, but it is Nortel/Avaya proprietary.

Why two addresses? MAC & IP

I know this is a very basic question, but honestly, in my opinion, not many people know the exact answer, including me 🙂 In this post I am trying to understand the need for two addresses and to share my views.

  • Imagine we only had MAC addresses and no concept of an IP address. This creates an obvious challenge for ever-growing networks because MAC addresses are not hierarchical: maintaining a routing table for the entire network (imagine the Internet!!) would be impractical.
  • Now imagine it the other way round, i.e. we only have IP addresses (which are hierarchical). This also creates an obvious challenge in keeping up with ever-growing networks. How can we assign an IP address to each and every node in our network? Static assignment is not an option for large networks. If we use dynamic assignment (for example DHCP), we need some way to uniquely identify each node in the network to avoid duplicate addressing or multiple assignments to the same node, and in this case we need the MAC address.
  • We can’t run large networks (the Internet) by physically connecting each and every node; there has to be segmentation at every level (logical and physical), so there is a place for both IP and MAC addresses by design. Check the excerpt below from the ARP RFC.
At nearly every layer of a network architecture there are several potential protocols that could be used. For example, at a high level, there is TELNET and SUPDUP for remote login. Somewhere below that there is a reliable byte stream protocol, which might be CHAOS protocol, DOD TCP, Xerox BSP or DECnet. Even closer to the hardware is the logical transport layer, which might be CHAOS, DOD Internet, Xerox PUP, or DECnet. The 10Mbit Ethernet allows all of these protocols (and more) to coexist on a single cable by means of a type field in the Ethernet packet header. However, the 10Mbit Ethernet requires 48.bit addresses on the physical cable, yet most protocol addresses are not 48.bits long, nor do they necessarily have any relationship to the 48.bit Ethernet address of the hardware. For example, CHAOS addresses are 16.bits, DOD Internet addresses are 32.bits, and Xerox PUP addresses are 8.
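The RFC excerpt above makes the point concrete: the Ethernet type field lets many protocols share one cable, and ARP carries the 48-bit hardware address and the (here 32-bit) protocol address side by side, each with its own length field. The following is an added example, not code from the post, that builds and parses such an ARP request over a constructed frame; the MAC and IP values are made up for illustration.

```python
import struct

ETH_TYPE_ARP = 0x0806   # Ethernet type field value that selects ARP among coexisting protocols
ARP_REQUEST = 1

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def build_arp_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Build an Ethernet frame carrying an ARP request laid out as in RFC 826."""
    # htype 1 = Ethernet, ptype 0x0800 = IPv4, hlen 6 (48-bit MAC), plen 4 (32-bit IPv4)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += b"\x00" * 6 + ip_bytes(target_ip)        # target MAC is what we are asking for
    eth = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    return eth + arp

def parse_arp_frame(frame: bytes) -> dict:
    """Decode the frame and report both address families with their bit widths."""
    _dst, _src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETH_TYPE_ARP:
        raise ValueError(f"not an ARP frame: type 0x{etype:04x}")
    _htype, _ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    # The lengths come from the packet itself, so the parser never assumes 6 and 4.
    off = 22
    sha, off = frame[off:off + hlen], off + hlen
    spa, off = frame[off:off + plen], off + plen
    _tha, off = frame[off:off + hlen], off + hlen
    tpa = frame[off:off + plen]
    return {
        "oper": oper,
        "hw_addr_bits": hlen * 8,
        "proto_addr_bits": plen * 8,
        "sender_mac": ":".join(f"{b:02x}" for b in sha),
        "sender_ip": ".".join(str(b) for b in spa),
        "target_ip": ".".join(str(b) for b in tpa),
    }

# Constructed sample, not a real capture: 192.168.1.1 (locally administered MAC) asks who has 192.168.1.2.
SAMPLE_FRAME = build_arp_request("02:00:00:00:00:01", "192.168.1.1", "192.168.1.2")

if __name__ == "__main__":
    print(parse_arp_frame(SAMPLE_FRAME))
```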

Thanks for reading! For any questions or discussions, please post in the comments section.

CCIE Lab Strategy

Non-Technical Guide

Most network engineers dream of becoming a CCIE, and I am one of them. I found this interesting book on preparing for the CCIE lab; it gives a good understanding of what to expect while preparing for the CCIE and how to do it effectively in all possible ways.

Personally I like the chapter “Do you really want to be a CCIE”, in which they talk about how people come up with stories on why they are not trying for the CCIE and things like that.

In the “VoD” chapter they give tips on how to get the most from training videos.

At the end they give suggested timelines to choose from according to your level; these guide you on what to do or expect in each phase of your prep so that you know you are on the right track. This is really good!

Overall it’s worth reading once if you want to be a CCIE but don’t know exactly how 🙂

You can visit their website, 2doubleccie, to read a sample of this book.

GNS3 ER Installation on Windows 8

As most of us already know, GNS3 released the ER recently. This is a step-by-step walkthrough of installing it on Windows 8.

Download the GNS3 alpha1 setup and install it normally; the only difference is that it will ask for your registered email address and GNS3 username to finish the installation.

You need to download and install the latest VirtualBox to import the OVA as below.

Important: make sure the network adapter is “VirtualBox Host-only Ethernet Adapter”.

Once done, we need to upload the IOU images (don’t ask me how to get IOU images, Google is your friend) to the VM as below.

Check the IP address of your VM, access it via a web browser and upload the required images (I got a connection reset when I was trying to upload a 144 MB image, so make sure it’s below 100 MB).

You need a valid IOU license and an IOU path (create a text file as below):

[license]
gns3-iouvm=<your license key>

Provide the path to the IOU license file by navigating to Edit -> Preferences -> IOS on UNIX -> Path to IOURC.

Now you need to specify the VM IP and port by navigating to Edit –> Preferences -> Server -> Remote servers:

Also provide the path to the IOU images by navigating to Edit -> Preferences -> IOU devices -> IOU images -> IOU path.

You can find the path by running a command on the VM.

Now we are all set; you can start playing with your IOU devices 🙂

If you have any questions, ask me in the comments section and I will try to help you. Thanks for your time.

Debugging a Cisco Router Safely

You may come across situations where you have to troubleshoot the packet flow and actually want to know what your destination router is doing; then debug is your best option. But most people are hesitant to enable debug on a production router because it can lock you out and, in the worst case, it may reboot.

I found a very interesting article on Cisco’s website on safely debugging your router. This post is my understanding of that article, with a GNS3 example.

Precautions before turning on debug on production routers:

  • Disable console and terminal logging. If you are accessing the router via telnet or SSH (most common) you need to disable terminal logging.
  • Logging to an external syslog server is good, but if you are logging locally make sure you have selected a proper buffer size and turned on msec timestamping.
  • Cisco recommends that CPU load shouldn’t be more than 30%, but this is just a guideline.
  • You need to disable fast switching in order to capture packets with debug; the router can’t capture CEF-switched packets.
  • Create an access-list that only matches the traffic you want to capture.

GNS3 Example:

Here I am trying to capture telnet traffic from R1 to R2 using the above precautions.

R1#terminal no monitor
R1(config)#no logging console
R1(config)#logging buffered 10000
R1(config)#service timestamps log datetime msec
R1(config)#int f0/0
R1(config-if)#no ip route-cache
R1(config)#ip access-list extended 103
R1(config-ext-nacl)#permit ip 10.1.1.1 0.0.0.0 10.1.1.2 0.0.0.0 log

You can narrow the capture down to only the specific traffic you want to match, as shown, using access-lists.

Enable debugging with the access-list to limit the output it generates.
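Before typing the debug command, it is worth verifying that every precaution from the list above is actually in the running config. The following is an added example, not from the post or from Cisco: a small checker run over a constructed running-config excerpt that mirrors the R1 commands shown (the `host` form is how IOS renders the 0.0.0.0 wildcards in show run).

```python
import re

# Constructed running-config excerpt (not from the post) showing R1 after the
# commands above; IOS renders the 0.0.0.0 wildcards as "host" in show run.
SAMPLE_CONFIG = """\
service timestamps log datetime msec
no logging console
logging buffered 10000
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 no ip route-cache
!
ip access-list extended 103
 permit ip host 10.1.1.1 host 10.1.1.2 log
!
"""

def _stanza(lines, header):
    """Return the indented sub-commands that follow a stanza header such as 'interface X'."""
    body, inside = [], False
    for line in lines:
        if line == header:
            inside = True
        elif inside:
            if not line.startswith(" "):
                break
            body.append(line.strip())
    return body

def _buffer_size(lines):
    for line in lines:
        m = re.match(r"logging buffered (\d+)", line)
        if m:
            return int(m.group(1))
    return 0

def check_debug_precautions(config: str, interface: str, acl: str) -> dict:
    """Map each precaution from the post to True (satisfied) or False.
    'terminal no monitor' is per-session and never appears in the config, so it is not checked."""
    lines = [l.rstrip() for l in config.splitlines()]
    acl_entries = _stanza(lines, f"ip access-list extended {acl}")
    return {
        "console_logging_off": "no logging console" in lines,
        "buffer_sized": _buffer_size(lines) >= 10000,           # the post uses 10000 bytes
        "msec_timestamps": "service timestamps log datetime msec" in lines,
        # debug ip packet only sees process-switched packets
        "fast_switching_off": "no ip route-cache" in _stanza(lines, f"interface {interface}"),
        # the ACL must exist and not be a catch-all, otherwise debug output floods the router
        "acl_scoped": bool(acl_entries) and not any(e.startswith("permit ip any any") for e in acl_entries),
    }

def safe_to_debug(config: str, interface: str, acl: str) -> bool:
    """True only when every precaution is in place."""
    return all(check_debug_precautions(config, interface, acl).values())
```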

R1#debug ip packet 103 detail
IP packet debugging is on (detailed) for access list 103

Generate the traffic using telnet.

R1#telnet 10.1.1.2
Trying 10.1.1.2 … Open

User Access Verification

Username: murali
Password:
R2>exit

[Connection to 10.1.1.2 closed by foreign host]

You can see the TCP connection being established with SYN, SYN-ACK and ACK in the debug output.

If you want more, check Tassos’ blog: you can analyze the debug output using Wireshark!

I hope this post is useful; thank you everyone for spending time on this. If you have any questions, please post them in the comments section. Let’s collaborate, let’s discuss!!

Welcome !!

Hey there,

Welcome to my blog !!!

I like keeping things short and simple. This blog is mainly dedicated to networking technologies; even though the name says Cisco, I will post on whatever technology I am learning or find interesting 🙂