weblogs.com.pk


Browse by Tags

All Tags » CISCO
Showing page 1 of 2 (67 total posts)
  • Cisco IOS 15.0 (new features).. Awesome

    Cisco released IOS 15.0. This is the next major release after 12.4. It’s been over 4 years since Cisco has delivered a major release of IOS code. The new features listed in the documentation include: BGP Event Based VPN Import; BGP Per Neighbor Graceful Restart Configuration; BGP RT Changes Without PE-CE Neighbor Impact; BGP local ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on October 6, 2009
  • Randy Bush on IPv6 Deployment

    Great interview with Randy Bush. Very interesting thoughts about costs experienced when hitting the IPv4 wall ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 13, 2009
  • Scripting for Switches/Routers

    The advantage of having a scripting language on your router seems to come in pretty handy sometimes (though I bet most people don’t really use the Tcl interpreter on their Cisco’s). I have been using TCL scripts for ages. The new EEM is just heavenly, you can trigger on almost everything. Even add your own syslog messages or create menus for ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on March 23, 2009
  • Trusted Prefixes (JUNOS vs IOS)

    Juniper's JUNOS: filter trusted-prefixes {   term controlled-access {     from {        address {                     ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on February 9, 2009
  • IGP competition ISIS or OSPF

    I understand that this question is a lot more complex than a simple yes or no since factors like design and routing policy will certainly affect the protocol's behavior. It's really difficult to decide and get information on what the top network service providers are using for their IGP? I'm trying to build a case for switching from OSPF to IS-IS ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 22, 2009
  • BGP default route advertisement

    In most design scenarios, you’d like to advertise the BGP default route to EBGP neighbors without having a BGP default route in your own BGP table. For example, an ISP might decide to advertise only the BGP default route and local BGP networks to customers multi-homed to a single ISP. To advertise a BGP default route to a BGP neighbor, use the ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 16, 2009
  • IPv6 default routing (Cisco IOS && Juniper JUNOS)

    If your next hop has the information about how to get to everywhere you need to be able to reach, it is easier to use a default route than to list all the locations exhaustively :). Let's get cracking on IPv6 default routing today! We will use the above simple network topology to configure default routing on Cisco/Juniper ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 5, 2009
  • Rate limit OR traffic shaping

    Rate limit or shaping is always confusing, as to which one to use. The goal of traffic shaping is hard-limiting of sending rate, while the purpose of rate-limiting is usually admission control based on burst sizes. Traffic shaping hard-forces “fixed” sending rate, absorbing and smoothing incoming packet bursts. Rate-limit never smoothes but ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 1, 2009
  • Multi-vendor OSPF implementation on Juniper && Cisco (Part 2)

    Some differences: Because OSPF has several checks and balances in regards to neighbor adjacencies, and because those adjacencies are essential for actual routing, their defaults remain the same between the two vendors. These include authentication (except in the case of OSPFv3), hello/dead intervals and area types. One note about authentication: ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on December 30, 2008
  • Multi-vendor OSPF implementation on Juniper && Cisco (Part 1)

    RFC stuff is really fun; I will take a look at the implementation of OSPF from the perspective of two well known vendors: Cisco and Juniper. Do you know the standards? OSPF version 2 is defined in RFC 2328. Like all protocol standards it details every aspect of the protocol. And like all protocol standards it leaves just enough room for ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on December 30, 2008
  • Juniper Switches

    If you have got a big block of free time, the best way to put that to use is to play with Cisco/Juniper; and that's the reason why I'm not getting married :) Anyway, Juniper introduced EX switches, as promised a long time before... Here are my findings. EX Switches have a frontal LCD panel for maintenance procedures, isn't it crazy that you can reset ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on December 26, 2008
  • Using DNS Name in Cisco Access-lists

    When you configure an access list that should prevent spammers from misusing your network, you obviously had to figure out the IP address of the ISP’s SMTP server (access lists and object groups accept IP addresses). You can enter a hostname in an IOS ACL … and it works. Actually, IOS performs a DNS lookup when you enter the hostname (assuming you ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on November 27, 2008
  • How NBAR actually classifies the traffic flows?

    I still love Cisco. My one true love. It hurts with you :) Anyway, let's start with Layer 7 traffic filtering on a Cisco router. The NBAR protocol classification feature has long supported enhanced HTTP URL matching features. However, the Cisco documentation site never provided a detailed description of the pattern language used for URL matching; ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on November 15, 2008
  • L2VPN Taxonomy

       
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 17, 2008
  • JUNOS Candidate Configuration and Explicit Commits

    One of my longtime gripes about IOS is that when you type a new statement to the CLI and hit return, the statement immediately becomes active on the router. For someone as mistake-prone as me, this is a big risk. And given that the majority of network problems are due to human error rather than hardware and software failures, it is a risk for ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 14, 2008
  • Cisco && Magic Question Mark (?)

    In Cisco IOS, every mode (user mode, privileged mode etc.) has a help system built in. You can use the magic question mark (?) in user mode as well as in sub-configuration mode. What if you want to use a question mark (?) in a description or aspath-regex? :) Well, to write a question mark in IOS, the escape sequence CTRL-V or ESC-Q must be entered ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on May 14, 2008
  • Cisco URL Blocking/Filtering

    NBAR can be used to apply application based filters such as blocking youtube.com traffic. To accomplish this we can categorize traffic based on the HTTP hostname. Next we will create a policy-map that matches the youtube.com class and drops the traffic. Lastly the policy is applied outbound to the Internet. Syntax-wise this would ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on May 14, 2008
  • How to Netflow with Cisco 6500

    The post has been written to answer Mr Drew's asked question.  The NetFlow table on the route processor (RP) captures statistics for flows routed in software and the NetFlow table on the PFC (and on each DFC) captures statistics for flows routed in hardware. In PFC3A mode, NetFlow collects statistics only for routed traffic. With ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on May 2, 2008
  • :) (CCIE) :(

    I just finished Vol 1 Bridging and Switching labs... again. I'm redoing all of Vol 1 labs, and repeating once more the ones I wasn't able to do without consulting the Doc cd or the lab solutions. My idea is to have an absolute mastership in all technologies focused on Vol 1's labs, before moving on to Vol 2. Volume 1 labs are great to ''solidify'' ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on February 21, 2008
  • How to identify/reset the stuck sessions in Cisco Routers

    There are 5 max concurrent sessions in Cisco world. There can be a situation in life in which the max concurrent sessions reach the limits. When addressing such situations, it might help. The following command on Unix will dump all the TCBs of the remote router:   jahil$ snmpwalk -v 2c -c your_readwrite_community router ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on July 21, 2007
  • ARP entries are periodically refreshed if you use CEF switching

    Generally there are no adverse side effects from enabling CEF. The main one to watch out for is that certain debugging will not work for packets that are fast switched. I have spent many unhappy hours struggling unsuccessfully to get the information that I wanted before I realized what the problem was. As it turns out, the router will ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 16, 2007
  • Cisco ACS in Large WAN Infrastructure

    We have a large WAN infrastructure and recently we implemented Cisco ACS. During configuration of Cisco ACS, you will have to define all TACACS+/RADIUS clients. A wildcard may be used to match all possibilities instead of defining hundreds of TACACS+/RADIUS clients one by one. Well: You can wildcard the address of the AAA clients. ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 20, 2006
  • TCL (Tool Control Language) & Cisco

    Somewhere during testing any successful Network Reachability, it will be necessary to test the reachability of addresses from each device in your network. Some people use cut and paste techniques coupled with Notepad to ping the addresses. Unfortunately, there are numerous drawbacks to this technique. While this sounds like a great ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 14, 2006
  • Encapsulation Problem

    A common problem which I have seen during point to point circuit testing is an Encapsulation problem. If you work in an organization where you don’t have a control on the other side then you know what I am talking about. I have seen that if you are backbone guy and you are setting your router interface to encapsulation ppp. You will somehow ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 5, 2006
  • Testing Remote Authentication of Users on Wireless Network

    One of the greatest challenges in supporting a large wireless network is testing authentication from a remote access point. Asking a user to retry a login multiple times can be time consuming and frustrating. To solve this problem, you can use the test aaa group command to test both RADIUS and TACACS authentication using a user ID and password ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 4, 2006
  • passive-interface

    We have a large enterprise network supporting distribution routers with multiple interfaces; it’s always a tough task to keep track of adjacencies. There are times where you really wonder whether you want to form adjacencies with all interfaces or not. The solution to this problem has been to configure the routing protocol on all interfaces and ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 3, 2006
  • Connecting a new switch

    When connecting a new switch to your network you can accidentally change your current VLAN database if the new switch has a higher VLAN Trunking Protocol (VTP) revision number. To avoid this, you must clear the VTP revision number on the new switch. The easiest way is to change the VTP domain name to “something_else” and back to ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on June 3, 2006
  • CISCO/Proxy ARP

    In normal circumstances network engineers used to configure interfaces with ''no ip proxy-arp''. If, however, static routes use the interface as the destination instead of a next-hop router, proxy ARP is required. Proxy Address Resolution Protocol (ARP) replies are sent to an ARP request destined for another device. When an intermediate ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on April 5, 2006
  • VTP updates from a VTP server

    VTP was not updating the configuration on other switches when the VLAN configuration changes. I checked (show trunk command) switches are connected through trunk links. Because VTP updates are exchanged only over trunk links. Keeping in mind that VTP updates are only exchanged between switches in the same VTP domain. I checked ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on March 20, 2006
  • Private v/s Global IP’s

    One of the things which has always annoyed me about this argument was people making the assumption that routing of addresses and registration of addresses was related. You can have a ''private'' shared address, which is routed on the Internet. People who can't figure out how to filter, also can't figure out how to filter RFC1918 ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on March 12, 2006
  • How Secure is WEP?

    I intended to write this month about WLAN Security, something other than switching/routing, system administration, or network engineering. But I've been spending a bit too much time recently working with some of the WLAN cracking (''security administration'') tools, to see how well they work on my own Wireless Access Point (WAP). ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on February 25, 2006
  • FreeRADIUS EAP/TLS ^^^ Windows XP as supplicant

    This is one of those things where I was way over my head. I’ve been trying to set up an 802.1x-protected access point at office with support for EAP, PEAP, and EAP-TTLS. Why? So I could connect to it from Windows XP and know what it feels like. (It’s one thing to write “Windows XP supports 802.1x”, it’s another thing to know it.) I decided to ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on February 8, 2006
  • The Debug Command (Cisco)

    I've observed, people normally think that Cisco networking is very easy for them to go on. My opinion is different; I understand Cisco approach is very common; but it’s not the best way to go. In particular order, people should learn network essentials and it should include Cabling, Physical Interfaces, Network Layer Model ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 29, 2006
  • VLANs && Auto Trunking

    In our environment a large number of VLANs exist, so we have a large number of trunk ports inter-connecting switches. During troubleshooting, I have found that Cisco Catalyst switches often have auto trunking enabled by default. I think this makes them vulnerable to two different kinds of attacks. The first one being the crafting of ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 16, 2006
  • ICMP Packet Filtering

    One of our aggressive network administrators enabled the ICMP block at our border routers. Because of this, I can’t use “ping”, “traceroute” or “pathping”. Also, if your router has the ICMP block enabled, you can’t determine the routing loops, and it will overload router CPU and memory as well. The router can be configured to block ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on January 15, 2006
  • Auto-negotiation/Hard-code

    I find it quite odd that as a service provider you would ever trust your network to auto negotiation. Hard code the port - leave nothing to chance. It is just one extra command, and you should be doing that after you label the port with a description and put it in a VLAN, correct? With the exception of some cheap NICs (and older ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on December 18, 2005
  • Network Bottlenecks

    We have several remote offices that are connected by various kinds of pipes. The tool that can measure the available bandwidth and determine where our bottlenecks might be. Take a look at the program pchar. It's available from: http://www.kitchenlab.org/www/bmah/Software/pchar/ and in the FreeBSD ports tree as ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on October 3, 2005
  • Network Traffic Analysis (FlowViewer)

    I recently configured flow-tools called FlowViewer on the flow-tools mailing list ( http://mailman.splintered.net/mailman/listinfo/flow-tools ). Granted it produces web-based text reports and not graphs at this time, it may still be useful to you. http://ensight.eos.nasa.gov/FlowViewer/ FlowViewer makes analysis of netflow data quick and easy. The ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 26, 2005
  • Measuring Bandwidth Utilization on Cisco Switch

    Somebody asked me about how to check bandwidth utilization on Cisco switch ports. The most important he is not going to play like SNMP things :) To give him answer simply, here is sample output: Switch> show controllers utilization | Port, Receive Utilization, Transmit Utilization | Fa0/1 0 0 | Fa0/2 ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 25, 2005
  • lower priority processes

    I’m writing, you are reading :) Well it’s about got damm time. In cases where extremely high network load presents itself on the interface of a router, it is possible that other tasks will not be able to run. By default, the Cisco IOS allocates 5% of the CPU time to the lower priority tasks. During a high load event, such as a DDOS, this ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 17, 2005
  • Preventing a hung process

    In the majority of cases, Cisco routers perform quite well without any tuning required. However, there do exist those cases (during an attack, high utilization during special events, etc.) that require a little extra care and feeding. This post presents some tuning tips as well as a treatise on the meaning behind the various IOS counters you ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 17, 2005
  • Internal or External CSU/DSU

    In these days, we are suffering badly due to unprotected Saudi Telecom copper wires. The rainy season has been started. We had lost more than 15 CSU/DSU within a week. In this environment I have learned that we should use surge protectors/light arresters for such kind of legacy media/devices.    Also network infrastructure ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on September 14, 2005
  • Duplex Mismatch, CRC Errors or Output Errors

    This is a common problem with Cisco.  Many of their port cards are NOT autosensing.  They hard-code to a specific speed and duplex.  The autosensing ones allow you to set ''auto'' on the adapter, the others won't. If you plug an ethernet port that is hard coded into a typical switch that has autosensing ports, you will get ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 31, 2005
  • Cisco Clean Access Unauthenticated API Access

    Cisco Clean Access (CCA) is a software solution that can automatically detect, isolate, and clean infected or vulnerable devices that attempt to access your network. CCA includes as part of the architecture an Application Program Interface (API). Lack of authentication while invoking API methods can allow an attacker to bypass security ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 20, 2005
  • Creation and Configuration Virtual Routing and Forwarding (VRF)

    In the last MPLS post, I discussed how to turn on MPLS service on the router and how to bind the labels to the IP packets. Today's post focuses on the creation and configuration of the Virtual Routing and Forwarding (VRF) delivered by Layer 3 MPLS VPNs. The concept of virtual routing is an important aspect of MPLS. It enables PE routers to ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 8, 2005
  • Verification/Troubleshooting MPLS Basic

    After configuring the routers to perform neighbor discovery and label/tag exchange the commands to verify that the process has completed successfully are as follows: Neighbor Verification TAG E3C2-GE6-0# show tag-switching tdp-neighbor MPLS E3C2-GE6-0# show mpls ldp neighbor The output of these commands will show the neighbor identity (in ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 7, 2005
  • Configuring MPLS Basic

    In addition to MPLS theory, you must be able to configure the routers as well. The configuration can apply to customer edge routers, provider edge routers or provider routers. Each of these must be configured in order for MPLS to work within an enterprise architecture. Although the responsibility for configuration of each router may vary based ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 7, 2005
  • Locating Problems in the Network

    My network comprises several Cisco Catalyst® 6500 Series Layer 3 switches and many Catalyst 3500 Series Layer 2 switches. To quickly find the exact location and network port of a workstation that generates problems such as worms, viruses, or loss of connectivity, I use the following method: 1. Check for the workstation's IP address, and ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 3, 2005
  • Securing Cisco Router

    I have been actively involved with Cisco devices for the last five-six years. The most interesting one is the router. Routers constitute the core components of most networks and, as such, securing the router platform should be the first step toward securing your network. Working in different companies Pakistan and KSA ( ...
    Posted to Masood Ahmad Shah (Weblog) by jahil on August 2, 2005
  • RADIUS Authentication Bypass

    Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed. http://www.cisco.com/en/US/products/products_security_advisory09186a00804ae616.shtml
    Posted to Masood Ahmad Shah (Weblog) by jahil on July 2, 2005