Kumari.net

Index:


Blog

Networking Tips and Tricks

Networking Tips and Tricks

  • IETF Draft Editing Tips and Tricks.

    This contains a bunch of tips and tricks for editing IETF Drafts, beating XML2RFC into submission, etc… 

    Referencing an I-D

    It is (reference.I-D.<draft name without “draft-” and without version>):
    <?rfc include=’reference.I-D.ietf-dnsop-sutld-ps.xml’?>

    And to reference this reference: I-D.ietf-dnsop-sutld-ps

     

    More information can be found here: https://xml2rfc.tools.ietf.org/

     

     

  • Mode reset a Cisco AP from the command line…

    Often you want to mode reset a Cisco AP, but don’t want to walk over and physically poke it. 

     

    This seems to work (at least in my experience):

    erase /all nvram:
    write default-config
    reload

     

    or, from a script:

    echo -e “erase /all nvram:\ny\nwrite default-config\ny\nreload\n\n” | ssh <ap>

  • Juniper: Connecting to the FEB

    In order to connect directly to the FEB (or CFEB), drop to the shell, su to root and then do:

    vty cfeb

    You can also connect to an FPC directly with:

    vty fpc<number>

    Useful commands from here:

    show nvram

    You may also want to check out Connecting to SSB directly

  • Juniper: Using or replacing Compact Flash

    Notes on using and / or replacing compact flash in a Juniper router.

    dd if=/dev/zero of=/dev/rad3 bs=64k
    disklabel -w -r ad3 auto
    newfs /dev/rad3c
    mount /dev/ad3c /mnt
    (then copy files over)
    root@R3%
    root@R3% dd if=/dev/zero of=/dev/rad3 bs=64k
    dd: /dev/rad3: end of device
    1961+0 records in
    1960+0 records out
    128450560 bytes transferred in 127.336640 secs
    (1008748 bytes/sec)
    root@R3% disklabel -w -r ad3 auto
    root@R3% newfs /dev/rad3c
    Warning: 3072 sector(s) in last cylinder unallocated
    /dev/rad3c:     250880 sectors in 62 cylinders of 1tracks, 4096 sectors
    122.5MB in 4 cyl groups (16 c/g, 32.00MB/g, 7616 i/g)
    super-block backups (for fsck -b #) at:
    32, 65568, 131104, 196640
    root@R3% mount /dev/ad3c /mnt
    root@R3% cli show sys stora
    Filesystem              Size       Used      Avail Capacity   Mounted on
    /dev/ad0s1a              77M        35M        36M  49%  /
    devfs                    16K        16K         0B 100%  /dev/
    /dev/vn0                 13M        13M         0B 100%  /packages/mnt/jbase
    /dev/vn1                 41M        41M         0B 100%  /packages/mnt/jkernel-7.0R2.7
    /dev/vn2                7.4M       7.4M         0B 100%  /packages/mnt/jpfe-M10-7.0R2.7
    /dev/vn3                2.1M       2.1M         0B 100%  /packages/mnt/jdocs-7.0R2.7
    /dev/vn4                 15M        15M         0B 100%  /packages/mnt/jroute-7.0R2.7
    /dev/vn5                4.8M       4.8M         0B 100%  /packages/mnt/jcrypto-7.0R2.7
    mfs:172                 1.5G       6.0K       1.3G   0%  /tmp
    /dev/ad0s1e              12M       5.0K        11M   0%  /config
    procfs                  4.0K       4.0K         0B 100%  /proc
    /dev/ad1s1f             9.4G       1.8G       6.8G  21%  /var
    /dev/ad3c               119M       1.0K       109M   0%  /mnt
    *****

    Here you can see that the pcmcia is labled as /dev/ad3c. To actually view the contents you would need to look at the mount point or ls-l /mnt.

     

  • Using TACACS for enable access

    When Cisco (and many similar) devices need to check if a user is allowed into enable mode they send an authorization request for a specific username.

    This username (and associated password) need to be in the password file as bellow:

    $enab15$:<ENC PASSWD>:1000:499:Exec:/:/bin/false

    where “15” is the authentication level being requested.

  • Gigabit Ethernet (GigE) crossover pinouts

    It is a common misconception that the Gigabit Ethernet spec requires Auto-MDIX capabilities — it doesn’t!

     A (copper) GE cable has all four pairs crossed over: 1-3 2-6 3-1 6-2 4-7 5-8 7-4 8-5 — this is different to 10/100 BaseT which only requires 2 pairs.

    Pin Signal Color Pin Signal Color
    1 BI_DA+ white/green 1 BI_DA+ white/orange
    2 BI_DA- green 2 BI_DA- orange
    3 BI_DB+ white/orange 3 BI_DB+ white/green
    4 BI_DC+ blue 4 BI_DC+ white/brown
    5 BI_DC- white/blue 5 BI_DC- brown
    6 BI_DB- orange 6 BI_DB- green
    7 BI_DD+ white/brown 7 BI_DD+ blue
    8 BI_DD- brown 8 BI_DD- white/blue

  • Juniper: Connecting to the SSB

    To connect directly to the SSB do

    [edit]
    root@router# run start shell pfe network ssb 
    SSB platform (200/266Mhz PPC 603e processor, 64MB
    memory, 256KB flash)
    SSB0(router vty)# show syslog messages
    SSB0(router vty)# show nvram

  • Juniper: Using FXP0 as a routed interface

    WARNING — THIS IS ALMOST ALWAYS A BAD IDEA!!!!

    The FXP0 interface (on the front of the routing-engine) is designed to be use for OOB access only and usually does not route. 

    For emergency use you may be able to make if route by doing the following:

    sysctl -w net.pfe.transit_re=1

    Keep in mind that the packet forwarding is then performed by the routing engine itself (the control plane). This means that:

    • Your CPU will run hot
    • Forwarding will be slow
    • Under load your protocols might not converge
    • Lots of other unhappy things will happen

    Only use this for low speed, emergency use.

  • Connecting to a specific port on an Airconsole.

    I have a number of get console Airconsoles – these are nice, simple, small, and cheap terminal servers. 

    Unfortunately(?) I don’t use them often enough to always remember how to connect to a specific serial port — what is the ssh port offset? 3000? 4000? What if I have a firewall that only allows port 22? 

    This is my cheat-sheet:

     

    Connecting to port 4:

    ssh <ip> -p 4004

    or

    ssh <username>:4@<ip>

    E.g:

    ssh admin:4@192.0.2.1