Wednesday, April 30, 2008

Accessing the hidden console of VIPs of a 7500

The 7500 platform uses the VIP (Versatile Interface Processor) for WAN interfaces. When dCEF is active, the actual processing of the packets is done by these interfaces. Each one has its own CPU, memory, etc. Troubleshooting these VIPs from the main IOS is difficult. To gain access to a deeper level, you can access the hidden "console" of each VIP.

The hidden command for this is "if-con X", where X is the position of the VIP. There you will have a subset of commands related only to the VIP hardware itself. Under that CLI you can also run the hidden commands "sh process cpu" or "sh process memory", which report the process and memory utilization of the VIP itself.

Wednesday, February 20, 2008

Tunnel-less VPN with Cisco Group Encrypted Transport (GET) - Part1

Nowadays, the requirement for encrypted communication between business locations is part of the standard requirements from our customers. More and more regulatory laws force the use of encrypted communication.

The classic scalability issue with IPSec site-to-site encryption is that it requires each location to have a VPN to every other location. In other words, we will need N^2 tunnels defined on a network with N devices. This is obviously a non-scalable solution.

Expanding a VMware Virtual Disk

My primary OS is Linux but I have VMware machines with Windows and other OSes, for testing tools and software.

I keep a basic installation of the Windows OS (XP, Server, etc.) in a VMware machine and keep it updated and patched. Whenever I need to do a software evaluation, I simply use a copy of the basic installation. In this way, I don't spend time re-installing the basic OS for every test.

Thursday, January 31, 2008

Cisco Router as DHCP Server

All Cisco Layer 3 switches and routers have the capability to run a DHCP server. Sooner or later you will find yourself needing to configure a router as a DHCP server.

The configuration is quite straightforward. Let's say we have the following interface to our LAN:
interface FastEthernet 0/0
 description Uplink to Users Segment
 ip address

Monday, January 14, 2008

Cisco's Core Dumps to an FTP

There are times when you will need to capture a core dump of a Cisco device that has been crashing.

A core dump contains a copy of the router's entire memory contents. In some circumstances this will help technical support determine what is causing your network device to crash, or will help the developers pinpoint bugs.

Cisco provides a simple way to do this. In our case we are going to configure an FTP server as the destination for the core dumps.

My Cisco Virtual Lab Topology I

I have real Cisco routers and switches but most of the time I would rather use virtual devices based on Dynamips. They are portable with my laptop, don't consume additional electricity and provide me with an environment to test features anywhere I go with my laptop. I use it to test QoS, MPLS, IP routing (with OSPF, EIGRP, BGP), gatekeeper configurations, load-balancing, etc. It is just like having the real thing with you.

For example, during my last trip I found myself running 15 routers on my laptop, doing a BGP load balancing configuration validation for a service provider. (Well, I managed to do the job but my laptop's battery was totally drained in a little more than an hour.) But the idea is that it is a really flexible solution. (BTW, I run Linux so I don't have the memory limitations that the Windows instances have.)