Showing posts from 2011

Subnet Master Demo for Android

I thought I would challenge myself to write a mobile app. I personally have an iPhone, but didn't want to invest in a Mac to develop an application and then have it rejected by Apple. So I opted for an Android-based app. I had a look around at the subnet calculator market and thought I could do a better job. So here is my effort. All the coding was done over a few weekends. There is still a lot of refining required, but I feel it is ready for a beta release.

From IOS to Junos – JNCIA Result - PASS

I did the exam, and I am pleased to say I passed. So the lab-ing and the two PDFs, JNCIA-Junos_SG_part_1_09-16-2010.pdf and JNCIA-Junos_SG_part_2_09-16-2010.pdf, and a bit of surfing the web were enough. That is not to say everything in the exam was familiar; I did have to think seriously about some questions which puzzled me. So the next step will be to go for specialist, but because of workload, it's going to take a little longer than 15 days.

From IOS to Junos – Final Day – Part 5 (Services)

It's a Wrap

This is the last in this series; it has been hard work fitting in the time (very late evenings) and frustrating trying to dump my notes into WordPress. I need to do more reading before the end of the week as I have booked the JNCIA-Junos exam. The start of the journey has been interesting, and I hope to reach my first milestone, JNCIA-Junos, then I decide if I can go much further with the resources I have at my disposal.

Services and Users Part

NTP

I had some issues getting NTP synced on the last video, I eventually worked it out so here is the final installment.

Final word

That's me finished with this series. I hope people find it useful; I know I have found it of great value, albeit a tiring one.

From IOS to Junos – Final Day – Part 4 (BGP)

This series shows clearly how tiredness causes simple mistakes :)

Some Troubleshooting

From IOS to Junos - Final Day - Part 3 (OSPF)

and we continue

From IOS to Junos - Final Day - Part 2 (RIP)

This is me trying to get RIP working from memory. Remember I only began to work on JUNOS one week ago, so it is painful in places.

RIP Part 1

RIP Part 2

From IOS to Junos - Final Day - Part 1

In this final day I have reset the lab, then proceeded to reconfigure all the devices and capture the process on video. You can watch all my mistakes and also see how I jump around to troubleshoot some basic routing issues with the redistribution between routing protocols.

Factory Reset

Basic Configuration

Interface Check

From IOS to Junos – Day 5

Notes from the day

*** BGP into OSPF

I forgot you need to export from a protocol into the next protocol.

root@Junos4# edit protocols ospf

[edit protocols ospf]
root@Junos4# delete import BGPtoOSPF

[edit protocols ospf]
root@Junos4# set export BGPtoOSPF

[edit protocols ospf]
root@Junos4# commit
commit complete

**** Before

root@Junos2> show route

inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

*[RIP/100] 00:25:02, metric 2, tag 0
> to via em0.0
*[Direct/0] 00:25:24
> via lo0.10
*[OSPF/10] 00:23:59, metric 1
> to via em1.0
*[OSPF/10] 00:23:59, metric 1
> to via em1.0
*[OSPF/10] 00:23:59, metric 1
> to via em1.0
*[OSPF/10] 00:23:59, metric 1
> to via em1.0
*[Direct/0] 00:25:24
> via em0.0

From IOS to Junos – Day 4

Not much done tonight, have been really busy. BGP today :)

Notes from the day

Tried to access Junos4 but ssh failed. Because of rushing yesterday I have not enabled ssh.

configure
set system services ssh
commit

Entering configuration mode
Users currently editing the configuration:
  root terminal v0 (pid 1364) on since 2011-10-05 19:18:27 UTC, idle 00:00:54
      [edit]

[edit]
root@Junos4# set interfaces em1 unit 0 family i
                                              ^
'i' is ambiguous.
Possible completions:
> inet                 IPv4 parameters
> inet6                IPv6 protocol parameters
> iso                  OSI ISO protocol parameters

[edit]
root@Junos4# set interfaces em1 unit 0 family inet address

[edit]
root@Junos4# commit
commit complete

[edit]
root@Junos4#
root@Junos4# set routing-options autonomous-system 9999

[edit]
root@Junos4# edit protocols bgp

[edit protocols bgp]

[edit protocols bgp]
root@Junos4# set group 4to5 pe

From IOS to Junos - Day 3

Once I have configured everything I am going to wipe the lab and start again, seeing if I can clean up some of the mess, but I won't post line by line here, I will just post the final configs.

Notes from the day

OSPF Today.

set host name and domain name to all ospf routers
set system host-name
set system root-authentication plain-text-password
apply interface configuration to all ospf routers
now do ospf??? I haven't looked at a book yet so doing this by feel

Junos2
configure protocols
set ospf area 0 interface em1

Junos3
edit protocol interface em0

Junos 3 immediately formed a neighbor with Junos 2
do the same for 4,6 and 7

ok a quick peek at a book and looks like I can just add the interfaces into the area
edit protocols
set ospf area 0 interface lo0.10 passive
can see all loopback at junos 3

*** redist into rip
root@Junos2>
root@Junos2> configure
Entering configuration mode

[edit]
root@Junos2

Windows 2008 RADIUS for CISCO Device Authentication

Network Device Authentication

(I wrote this ages ago but thought I would transfer to my blog site)

It is not uncommon to discover infrastructures with authentication policies in place for Windows Admin Access using Active Directory accounts, only to find the network devices are being accessed using a common user name and password. It would be ideal if the Active Directory accounts that are used to administer the Windows environment could be used to administer the network devices too. (This article is specific to Cisco Network Devices)

One solution is to purchase a Cisco Secure Access Control Server; this can use accounts in the Active Directory. The product is quite extensive and has many more features than just logon authentication.

Device administration: Authenticates administrators, authorizes commands, and provides an audit trail
Remote Access: Works with VPN and other remote network access devices to enforce access policies
Wireless: Authenticates and authorizes wire

From IOS to Junos – Day 2

Notes from the day

I am just going to dump my text notes for the day, you have no idea how long it would take to format this stuff, and hell I do it to share, not to make profit.

** when I had shutdown after the previous day's work, I had a thought that the loopback 0 (only loopback adaptor in Junos) would probably be done using unit numbers, as soon as I woke up and checked my twitter I had a tweet from @networkjanitor "In regards to Junos Loopbacks you can have multiple unit interfaces and they can go diff vrfs"

so first task today is remove existing loopback 0 unit 0 address and create new loopback 0 unit 10 address.

root@Junos1# edit interfaces lo0

[edit interfaces lo0]
root@Junos1# edit unit 0

[edit interfaces lo0 unit 0]
root@Junos1# show
family inet {
    address;
}

[edit interfaces lo0 unit 0]
root@Junos1# delete family inet address

[edit interfaces lo0 unit 0]
root@Junos1# commit
commit complete

[edit interfaces lo0]
root@Junos1# edit

Dell Latitude D830 SSD Upgrade

Slow Laptop Syndrome

I have a LATITUDE D830 : INTEL CORE 2 DUO T7500 4GB Ram from 2008. I did get a fairly high specification at the time, so it has always had pretty decent performance. However I haven't been using it for a while and when I did it seemed slow compared to my Core 5i desktop computer. (I use Windows 7 Ultimate with the latest updates)

Laptop for Work

Now I might be doing a fair bit of travelling to customer sites in the near future and the last thing I want is a poorly performing laptop, so I decided to ditch all the crap I had on it like iTunes, movies, miscellaneous software and cut back to a basic "work" PC. After all I do have iPhone, iPad and new Kindle (soon) for all my multimedia needs. I purchased a "Corsair 120GB Force 3 SSD 2.5" SATA-III 6Gb/s Read = 550MB/s, Write = 510MB/s" from Now I am guessing that SATA-II rather than SATA-III on the system board, but the price difference between SATA-II and SATA-III wa

From IOS to Junos - Day 1

Notes from the day

I am just going to dump my text notes for the day, you have no idea how long it would take to format this stuff, and hell I do it to share, not to make profit.

cli
configure system
set root-authentication plain-text-password
set host-name Junos1
set domain-name
commit

======

Let's get ip connectivity up and running

top
edit interfaces
set em0 unit 0 family inet address
**note unit 0 is logical and not physical but a bit like cisco default physical interface makes more sense in Junos
commit
***exit into operational mode
> ping
---- working yippee

SSH and Telnet access

just check that I cannot telnet to ssh to routers
configure services
**should be in configure system
**tried configure system but could not jump to there, had to go to top then configure system
set services telnet
set services ssh
**LOL - was trying to connect and still got "connection refused" have forgot to commit
commit
**Got connected with SSH - used r

From IOS to Junos Series - Foreword

IOS to JUNOS challenge

I have set myself a small challenge of obtaining JNCIA-Junos in the next few weeks. To assist in achieving this and to supplement the study material on the Juniper web site, I have set myself up a small lab environment using VMware ESXi 5.0 Hypervisor and Juniper Olive (JUNOS 10.1). I got great help from

I currently have the following at my disposal from the Juniper web site:

JNCIA-Junos_SG_part_1_09-16-2010.pdf
JNCIA-Junos_SG_part_2_09-16-2010.pdf

I also bought two Kindle books:

JUNOS Enterprise Routing [Kindle Edition] By: Doug Marschke, Harry Reynolds
JUNOS Enterprise Switching [Kindle Edition] By: Doug Marschke, Harry Reynolds

The exam blueprint can be found here. I hope to tick these off as I work through my lab. I have quickly written the following objects for myself which I will expand as I progress on my journey.

Working on a Live Power Outlet - Would you ?

Health and Safety at Work

So your better half has decided that they want the sockets in the lounge changed from plastic to chrome plated. What do you do? Put on your rubber boots and gloves and start to work, being really careful not to touch an exposed wire! Or do you switch the circuit off, then perform the upgrade ensuring everything is correct? I know my preferred method!

Danger is my middle name

Now in networking terms, being a Cisco CCIE, I often have to put on my rubber boots and gloves, because working on any configuration on a Cisco IOS Router (except new ASR9K) that is effectively what you are doing. One wrong command and you are gonna get a shock!

Need to read more

I never really gave this much consideration, I just accepted it as the way it is. Now I see this as complacency on my part. Anyway my competency was challenged when I started to read into Juniper JUNOS. (Don't worry if anyone saw Juniper on my computer screen at work, I just flipped over to YouTube). Cisco pl

Cisco IOU and VMware vSwitch

I have been looking around the interweb seeing Cisco IOU kicking around, and I began to wonder how you could integrate this into an environment where you can build a lab with connections to external devices, e.g. firewalls, ACS server, other vendor routers etc. Particularly, how would I build a test environment, assuming that I could legitimately use IOU. Anyway after looking at the article I could see how this could be done with a physical machine, but how would this relate to an IOU machine in ESX VMware? I would have multiple NICs tied to different VLANs, then use IOU2Net to connect interfaces in IOU to these different networks; easy!!! So as I sit back and dream of what could be if Cisco would release a version that I could use in such a way, I realized a problem. "promiscuous mode" - this is required for traffic to traverse from the real world back into the IOU instance, however if you add new NICs to a vSwitch in

Multicast Traffic Generator without a PC

I have suffered the pain of trying to troubleshoot Multicast issues over the past few years (mainly across MPLS), however initially I struggled to find a way of generating my own traffic independent of any application that was experiencing issues. Most of the time, being the network guy, I would not have access to run the application (sender) at one site and the client (receiver) at another site. I also would not be in the position to install my own sender + receiver devices on the network, so I was stuck with the tools available to me on the Cisco routers/switches at each end of the network. Looking at the they assume that you are able to control the sender and receiver; they have not mentioned two of the most valuable tools in my opinion to begin troubleshooting multicast.

ping
ip igmp join-group

It does mention "show ip mroute count" and "show ip mroute" which are indeed valuable.

Break the Network Emulators out of the Cloud

Cisco IOU and JunoSphere

Recently both Cisco and Juniper have announced the availability of online resources to provide hands-on training over the internet. They have built software emulators in the cloud that can be accessed remotely for a cost. These solutions are based purely around the certification programs and therefore are pretty rigid in the topologies that are provided, not to mention the recurring cost.

Rack Rentals

There are training providers such as Internetwork Expert and IPexpert who provide rack rentals based on their training materials. These guys cannot possibly compete going forward. To keep these sustainable they will need to reduce the overhead of building physical racks, providing power and space for the racks. Using e

Weird CatOS to IOS Trunk Problem – Cannot Ping

I was setting this very basic configuration up the other evening and could not get basic L3 connectivity up and running. I have an ASR 1002 on one side and a Catalyst 6509 running Hybrid CATOS and IOS. The configuration is basically to connect two devices for routing using 802.1q vlans. Here are the configs, but I cannot ping between the devices.

ASR1002

interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/2.700
 encapsulation dot1Q 700
 ip address
 ip ospf network point-to-point

6509 – Switch

set vlan 700   3/3
clear trunk 3/3  1-699,701-1005,1025-4094
set trunk 3/3  on dot1q 700
set spantree portfast    3/3 enable trunk
end

6509 - MSFC

interface Vlan700
 ip address
 ip ospf network point-to-point
end

I could not see any issue, so to try and establish if it was some trunking issue, I removed the trunk and used the main interface on the ASR1000 and access port to vlan on the 6509 and

QoS:What happens at the Service Provider PE ?

A while back I wrote an article on DSCP QoS over MPLS; since that time I have been working on some service provider networks and thought this would be a good opportunity to expand on what happens at the PE with regards to DSCP to Experimental bit mapping (Traffic Class).

CE to PE

I have put together a diagram to help illustrate how many different service provider customers' traffic is aggregated at the service provider's PE.

[Figure: CEtoPEQoS]

We can see in this example that each customer has different bandwidth requirements for voice and other traffic. We should also note that the PE is where we change from IP VRF domains to the MPLS domain of the Service Provider; once traffic is inside the MPLS we lose the ability to identify traffic on a per customer basis (in relation to QoS). When the traffic moves from the IP VR

ASR1006 Dual Route Processors Password Recovery - Tip

I recently ran into an issue when trying to perform dual route processors password recovery on a Cisco ASR1006.

Problem

After breaking into rommon mode and using confreg to ignore the startup configuration, during the reset the ASR1006 loaded the startup configuration!!!!!!!!

Solution

So quick and simple, I pulled one of the RPs and performed password recovery running on a single RP. All went according to the Cisco documentation. After the system running on a single RP was recovered and fully booted I waited for 5 minutes just to be sure; then I inserted the second RP and allowed everything to sync up. All was well again :) phew

Note: The system was previously fully functioning with dual RPs; a configuration error was made during Tacacs+ configuration which resulted in lockout.

Summary

I hit an issue recovering an ASR with dual RPs, so rather than spending hours researching, I decided ve

No Service Password Recovery - It is not the end of the world

Myth

Having a chat with some people and this came up in conversation, "no service password recovery", and people seemed to be taking it quite literally, e.g. if you forget your password the device is dead and needs to go back to Cisco. Not being a security guy I thought ok, but it was bothering me. So a quick lookup on cisco

Fact

In fact what this feature does is prevent you from getting access to the startup configuration; you can recover the device to FACTORY DEFAULT - the config has gone. Of course you will have a backup of the config so it should be no big deal to switch this feature on every device, assuming the device supports it.

Take note of the comments: "Before deploying this feature, TEST the password recovery. Some platforms (based on ROMMON version) are EXTREMELY hard to recover." Thanks Ivan

Are you VRF aware?

Virtual Routing and Forwarding

VRFs (Virtual Routing and Forwarding Instances) have been about for a long time in the world of service providers; we are now seeing VRF capabilities as part of the world outside service providers. VRFs have their own routing instance in a router (own routing table) and the instance is generally assigned to an interface; the interface then only applies to that particular VRF. So for example you could have a Management VRF and this is connected to a separate management network.

Management Processes need to know

If you assign an interface in a VRF for management then the management processes: TACACS, SNMP, SSH, TELNET, NTP, NETFLOW etc. need to know ("be VRF aware"), because typically they will be running against the Global (Default) routing table.

Examples

TACACS

aaa group server tacacs+ Management
 server-private timeout 15 key mysecretket
 ip vrf forwarding Management-VRF
ip tacacs source-interface Loopback10

NETFLO

What is Carrier Ethernet

A New Ethernet?

I was recently working with Cisco ASR9000s and when looking at the different line card options I came across the phrase "Carrier Ethernet". I didn't know if I had missed the mail shot telling me that the Ethernet Standard had changed.

From Cisco's ASR 9000 Series Ethernet Line Card data sheet: "The Cisco ASR 9000 Series Line Cards together with the Cisco ASR 9000 Series platforms are designed to provide the fundamental infrastructure for scalable CarrierEthernet and IP/MPLS networks"

So what is CarrierEthernet?

In its most simplistic form it is the ability to emulate Ethernet services across the WAN. It makes more sense if instead of reading CarrierEthernet you read Carrier Ethernet Services.

E-Line = Point to Point
E-LAN = Multipoint
E-Tree = Point to Multipoint

These topology definitions alone do not cover what Carrier Ethernet is; Carrier Ethernet includes standards and SLAs that are required in essence so you can compare offerings from