
CPU and Memory Thresholding

November 2, 2009

It is never nice when devices on a network go belly-up, but knowing why, or what happened right before they went belly-up, is crucial to any network.

By enabling CPU and Memory thresholding, you can be sure to get those vital notifications when it happens, allowing you to respond a lot quicker.

When a router is overloaded by processes, the amount of available memory might fall to levels insufficient for it to issue critical notifications, so the first step is to reserve some memory:
memory reserve critical {kilobytes}


Wendell Odom on R&S v4 Troubleshooting

October 30, 2009

Ah, as time passes all questions start getting answered. Many have feared the dreaded troubleshooting addition to the CCIE R&S v4 Lab. But as I expected, for the average hands-on individual it should be a breeze.

Wendell did a great write-up on the troubleshooting section, sharing his experience when he did the V4 Beta lab @ NetworkWorld.

In short, the T/S section is virtual, no real kit, and the topology consists of 30-40 routers. Now don't get alarmed by the numbers. As per Cisco you can expect 10-12 questions and you have 2 hours to complete these. The questions are short and clear about what is asked, e.g. R1 can't ping P2, etc.

The good news? Wendell, who I believe is not as hands-on as many candidates (he is still a legend), said the time was not an issue, and neither was the difficulty of the questions. He believes the questions to be reasonable.

Head over to his blog article to see his T/S section strategy.


Routing-Bits on iPhone

October 28, 2009

I have enabled a Mobile Theme for visits from iPhone Safari Browsers that makes browsing much easier. Maybe later a similar theme will be enabled for Win-Mo users.


Cisco Autosecure

October 24, 2009

Cisco always attempts to make our lives easier, or at least sometimes.

When you set up your last CE router, did you make sure all the necessary security measures were set up? Is it protected against DoS attacks and stack or buffer overflows? Are you logging the correct info in case someone tries to access your network?

Cisco quite some time ago wrote a macro command combining what they believe to be the necessary and recommended features that should be enabled on every CE router.

There are two main parts of this command:

  • Securing the Forwarding Plane
  • Securing the Management Plane

This command could make your life easier, but you should still understand each action that is executed, else you might disable or break a needed function.


Wendell Odom shares his peek at v4

October 23, 2009

CCIE R&S version 4 kicked off this week, and as part of beta testing from Cisco, Maurilio Gorito asked a couple of Cisco Press CCIE authors and other CCIE veterans to ‘retake’ the lab and provide their input on the structure, layout, difficulty, time and overall fairness.

Wendell Odom, renowned Cisco Press author, shared his view of these topics at his Networkworld blog.

One big change regarding the actual lab day (besides the new content/TS part) is no more printed lab exercise book; I personally won’t like that. According to Wendell there is a new GUI, in the format of indexed content, clickable diagrams and questions.

Read this article if you are taking the new, well, now current version 4 of the CCIE R&S.


CCIE Study Wiki

October 22, 2009

I came across this site recently, and I must say the idea is great and the content is good.

There’s thousands of great CCIE articles out there just waiting to be found.

If there’s one thing the new CCIE Study Wiki does well, it’s how it serves as a central point for collecting and sorting information from all corners of the web. Right now there are over 3000 quality links, and it’s growing every day.

Great going Jason :)


Cisco IOS v15.0

October 21, 2009

Cisco finally took the long-awaited leap and released a new Major Release. The latest Cisco IOS version was 12.4 until Cisco released IOS version 15.0.

Version 15.0? Surely that is a typo, a mistake?

According to a forum or two, the rumor is that Cisco avoided using 13 and 14 because 13 is considered unlucky in Western culture and 14 is also considered unlucky in Asian culture !!

And I thought believing in superstition was bad luck! LOL

Release Notes are here.
New Features are here.


BFD – Bidirectional Forwarding Detection

October 20, 2009

What is one of the pain-in-the-butt things with wireless links connected to Ethernet ports on a Cisco router?
You don’t know when the wireless link goes down.

Since Ethernet technology does not provide for end-to-end connectivity checks, like ATM OAM F5, Frame-Relay EEK, or PPP LCP Keepalive, you need a similar method to know when the wireless link or the remote side is unreachable.

There are various workarounds, like using IP SLA monitor, or using BGP with reduced timers, but a better solution is to use Bidirectional Forwarding Detection (BFD) to quickly identify the failing wireless VLANs and route your traffic elsewhere quickly and efficiently.


Renaming Class-maps and Policy-maps

October 19, 2009

I saw someone removing a Policy-Map and the associated Class-Maps, just to rename the class-maps to the correct naming standard. And although the intention, conforming to network standards, was great, there is an easier way.

Within the Class-Map and the Policy-Map there is a rename option. What is really cool is that Mr IOS will update the mappings that are in use or referenced by that name auto-magically.

Class-Maps

Take the following Class-Map and Policy-Map I ‘erroneously’ created:


FWSM IOS upgrade

October 18, 2009

If you need to upgrade the IOS on a FWSM (Firewall Switch Module), you will soon find out that the upgrade works slightly differently from routers. You don’t have the option to use multiple ‘boot system’ commands, nor can you copy more than one IOS image to the FWSM flash. If that is the case, what about failback, if you don’t have the old/current IOS version? (And no, you can’t just tftp/ftp the current image from a FWSM when in use.) So now what?

A really neat yet fairly undocumented feature is how the FWSM addresses the space allocation of the Flash memory. Refer to the Application partitions (cf:4 and cf:5); see a previous post that listed the partition breakdown.

Application Partition cf:4 is used by default, but cf:5 is not. Because cf:5 provides a secondary partition to boot from, it allows you to test config on a new IOS version. If you boot off cf:5 as opposed to cf:4, you have a clean and fresh ‘dir flash:’ to load a new IOS image on, while leaving the working ‘dir flash:’ intact.

Just change the default boot partition to cf:5 from the switch, with
boot device module {MOD-NUMBER} cf:5

Then reload the module, load the ‘test’ IOS image to flash (now cf:5) and do any tests necessary. Once happy, remove the above command and upgrade to the new IOS on the default partition cf:4.


Cisco Data Centre Design and Deploy Workshop

October 16, 2009

I attended the Cisco Data Centre workshop the past two days at Monte Casino. With a huge attendance and both local and international speakers, one thing is for sure: the focus of technology and cabling around Data Centres is evolving and Cisco is leading the way as usual with Data Centre 3.0.

Key concepts discussed:

  • Cabling Reduction
  • No STP
  • Unify, Simplify, Amplify
  • Virtualization
  • Unified Fabric Advantages
  • Cloud Computing
  • Unified Computing

Some of the biggest issues with data centres today, besides hitting scalability constraints, are the excess cabling, the power required per port, the overall cost and unwanted complexity. According to Cisco, by redesigning the Data Centre architecture from the ground (the cabling) up, utilizing 10 Gigabyte cabling options, doing ‘away’ with Spanning-tree in order to utilize ALL uplinks simultaneously, using Top-of-Rack fabric extenders and Middle-of-Row aggregation points, and with the power of Cisco’s UCS implementation, you will be able to streamline the layout, cost, power demands, sustainability and scalability.

Obviously it won’t be a Cisco event if there were no hardware talk, err I mean sales-talk. The guests of the conference were the Cisco Nexus Range of Data Centre Switches (the Nexus 1000V Switch, Nexus 2000 Series Fabric Extenders and Nexus 5000 and 7000 Series Switches) and lastly UCS (Unified Computing System).

Here are some of the links with more info:

Cisco Data Centre Info

Unified Computing

Cisco IP Data Centre Design


IOS upgrade tip

October 11, 2009

So it is Sunday morning, the change window just kicked in, you copied the new IOS image to the router, used the ‘boot system’ command as per my previous post, saved your config and reloaded. All looking good for an early night, but when the router reloads you get a bunch of errors during bootup along the lines of:

% Invalid input detected at '^' marker.
% Incomplete command.

Oh no, you didn’t do your homework. Did you check for command differences between the IOS versions? Did you test the current config on the new IOS in a lab prior to the upgrade (yes, not always possible)? Do you have a config backup?

If you don’t have a full config backup you have BIGGER problems. If you remove the first ‘boot system’ command to boot off the working IOS, and write your config, usually all commands that gave errors during that boot-up will now be LOST, since you saved the config and overwrote the startup-config.

So what now?

As opposed to freaking out and dancing like a banshee doing some tribal dance, do the following. ‘Rename’ the NEWLY installed IOS image in Flash, the image specified in the first ‘boot system’ command, to something else, and ‘Reload’ WITHOUT SAVING the config. When the router reboots it will attempt to locate the first specified boot system image, but because you renamed it, it cannot be loaded. The router will then attempt to boot off the second specified boot system image, the old working IOS image. And happiness is restored.


Boot System command

October 11, 2009

Whenever doing IOS upgrades on production devices, it is always best to have a fail-back plan. With most platforms, the best way to do this is with the ‘boot system’ command, and although it is not a new command, it is still good to cover.

The ‘boot system’ command is non-exclusive, and if multiple entries exist, the commands are tried top down. If the first is unsuccessful, the second will be tried. If the first is successful it is loaded. This is very handy, since it provides IOS-image redundancy, and a fail-back option.

What do I mean by IOS-image redundancy?
If you are using a bigger platform that has 2x Compact Flash Slots, by loading the same IOS image on both disks you can have image redundancy, in case one of the Compact Flash Cards bombs out, with the following config:

boot system flash disk0:s72033-adventerprisek9_wan-mz.122-33.SXI2.bin
boot system flash disk1:s72033-adventerprisek9_wan-mz.122-33.SXI2.bin

The same redundancy could be achieved by using a remote FTP/TFTP location as the second command.

This command however becomes most useful when doing IOS upgrades. Provided you have enough space to store a second IOS image, load the NEW IOS Image on that same disk, then by using the ‘boot system’ command, specify the path to the NEW IOS Image first and then the path to the current IOS Image:

boot system flash disk0:s72033-adventerprisek9_wan-mz.122-33.SXI2.bin
boot system flash disk0:s72033-adventerprisek9_wan-mz.122-18.SXF6.bin

In the example above, when the router reboots, it will try to load 122-33.SXI2 first; if unsuccessful, it will then load the current image (122-18.SXF6).
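An added example (not from the original post) that models the top-down ‘boot system’ behaviour described above, together with the rename trick from the ‘IOS upgrade tip’ post, as a check to run before a reload. The function names and the flash listings are assumptions made for illustration, and an entry is treated as unsuccessful only when its file is missing.

```python
import re

# Image names are the ones shown in the post; the flash listings are constructed.
NEW = "disk0:s72033-adventerprisek9_wan-mz.122-33.SXI2.bin"
OLD = "disk0:s72033-adventerprisek9_wan-mz.122-18.SXF6.bin"
CONFIG = f"boot system flash {NEW}\nboot system flash {OLD}\n"

# Only the 'boot system flash <path>' form used in the post is parsed.
BOOT_RE = re.compile(r"^\s*boot system flash (\S+)\s*$")


def boot_entries(config_text):
    """Return the image paths of the 'boot system' lines, in top-down order."""
    matches = (BOOT_RE.match(line) for line in config_text.splitlines())
    return [m.group(1) for m in matches if m]


def select_image(config_text, files_present):
    """Assumption: an entry is 'unsuccessful' only when its file is absent."""
    for path in boot_entries(config_text):
        if path in files_present:
            return path
    return None  # no configured image can be loaded


def precheck(config_text, files_present):
    """Findings to clear before 'reload': missing images, no fail-back."""
    entries = boot_entries(config_text)
    findings = [f"missing image: {p}" for p in entries if p not in files_present]
    if sum(p in files_present for p in entries) < 2:
        findings.append("no usable fail-back image")
    return findings


if __name__ == "__main__":
    flash = {NEW, OLD}                     # constructed 'dir disk0:' contents
    print(select_image(CONFIG, flash))     # new image is tried first
    renamed = {NEW + ".bad", OLD}          # new image renamed, config not saved
    print(select_image(CONFIG, renamed))   # falls through to the old image
    print(precheck(CONFIG, {OLD}))         # new image never copied to flash
```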


FWSM – Reset passwords and AAA

October 8, 2009

Password recovery on a router is easy, and the steps are even easier to find if you don’t know them.

What if you forget the login and enable passwords, or you created a lockout situation because of AAA settings on a FWSM (Firewall Switch Module) blade inside a Cisco 6500 or Cisco 7600?

You have two options.

  1. The Cisco way
  2. The Alternative way (as always)

The Cisco way is not hard but needs an understanding of the hardware. The FWSM has a 128-MB Flash memory card that stores the operating system, configurations, and other data. The Flash memory includes six partitions, referenced as ‘cf:n’.

  • Maintenance partition (cf:1) — Contains the maintenance software.
  • Network configuration partition (cf:2) — Contains the network configuration of the maintenance software.
  • Crash dump partition (cf:3) — Stores the crash dump information.
  • Application partitions (cf:4 and cf:5)—Stores the application software image, system configuration, and ASDM. By default, the FWSM boots off and installs the IOS images on cf:4. You can use cf:5 as a test/backup partition. The contents of this partition (cf:4) is seen with the command ‘dir flash:’
  • Security context partition (cf:6)—64 MB are dedicated to this partition, which stores security context configurations (if desired) and RSA keys in a navigable file system. The contents of this partition is seen with the command ‘dir disk:’


MPLS Quick Command Reference guide

September 30, 2009

With the kickoff of version 4 for CCIE Routing and Switching Lab, there has been a lot of focus on getting to know the new topics content.

It seems however some guys are fearing the addition of MPLS. MPLS is really not a mean animal, or at least not at the level that will be asked in the R&S lab.

Some time back I created this quick command reference guide for MPLS, and it covers most of the Routing and Switching commands along with my troubleshooting process, which I blogged about before. A guide including the theory is to follow soon.

Feel free to download it :)
