Video Blogs

I am quite busy with my studies now that I don't have time to blog. I am thinking of using Camtasia and instead do a Video blog, saves a lot of time and the explanation will be real time. I want to get active in posting again as the visits in this site seems to be increasing.

Let me know if this is a good idea. Thanks!

Using TCL to Prepare Configuration

If you have worked as a network engineer for an enterprise or even a telco, you would notice that the best practice to have a standard configuration template. Sometimes, you are stuck in a situation wherein you need to prepare configuration let's say for around 20 routers and time is not on your side. My approach for this when I was starting my networking career was to get that standard template and start filing up the necessary configuration in notepad for the 20 routers and save one file after another. Believe me it was not an easy task and it was prone to having typo's.

It is for sure a tedious task but using TCL, it will pretty much make your life easier. I have researched for a way to automate the config preparation provided you have all the necessary data required. I am not a programmer but somehow I managed to find some TCL software and commands to make this possible. Before we begin we would need to have TCLKIT which can be downloaded here.

Now for this example, let us only try to create configs for 10 routers. Our standard config is as shown below. (not so long so make things easier)

hostname (hostname)
!
interface Serial1/1 
ip address (ip address)(mask)  
!
router ospf 1
network (network) (wildcard) area (ospf area)

The first step is to create our variables, quite much work required for this especially for long standard configs. We will create variables for those with () in the standard config above. These are the parts in the configuration wherein the data will be placed. Standard configuration with variables shown below.

hostname $hostname
!
interface Serial1/1
ip address $ipaddress $ipmask
!
router ospf 1
network $network $wildcard area $ospfarea

Now we have created our variables. Let us use the multivariable "foreach" TCL command to create a looping script. We put in our variables next to the "foreach" statement. The "$" is not required. If you are not familiar with this, please visit this post.

foreach {hostname ipaddress ipmask network wildcard ospfarea}

The next line of this script will now contain the data. Prepare the data in excel spreadsheet and the sequence of the columns should be the same as the one listed in the "foreach" statement. Then add that to the second line of the script. Put an open { before the data and } after the data.
Add also the important commands below that will make auto text file generation for each config file. The final script will look like something below. Then save this as a text file.

foreach {hostname ipaddress ipmask network wildcard ospfarea} {
Router1    1.1.1.1    255.255.255.0    1.1.1.1    0.0.0.0    1
Router2    1.1.1.2    255.255.255.0    1.1.1.2    0.0.0.0    2
Router3    1.1.1.3    255.255.255.0    1.1.1.3    0.0.0.0    3
Router4    1.1.1.4    255.255.255.0    1.1.1.4    0.0.0.0    4
Router5    1.1.1.5    255.255.255.0    1.1.1.5    0.0.0.0    5
Router6    1.1.1.6    255.255.255.0    1.1.1.6    0.0.0.0    6
Router7    1.1.1.7    255.255.255.0    1.1.1.7    0.0.0.0    7
Router8    1.1.1.8    255.255.255.0    1.1.1.8    0.0.0.0    8
Router9    1.1.1.9    255.255.255.0    1.1.1.9    0.0.0.0    9
Router10    1.1.1.10    255.255.255.0    1.1.1.10    0.0.0.0    10

} {set data "

hostname $hostname
!
interface Serial1/1
ip address $ipaddress $ipmask
!
router ospf 1
network $network $wildcard area $ospfarea

"
      set filename "${hostname}.txt"
      set fileId [open $filename "w"]
      puts -nonewline $fileId $data
      close $fileId

}

Now its time to auto generate the configs. What this looping script does is take the first line on the data, do the variable substitution and then at the end it will save the text file with the hostname as the filename. It does this until the last line of the data. The files will be auto generated where the TCLKIT software is saved.




Open TCLKIT, two windows will appear big and small. Click on File -> Source ->Go to the directory where you saved the script as text file -> Change "Files of Type to "All Files" -> Select the Script. Then viola, your configurations appear and all variables substituted. It makes life easier for a network engineer.

Merry Christmas and a Happy New Year to All

It's been a while since I touched any materials and listened to Scott Morris' Audio bootcamp. My current job really demands a lot of my time. After 3 months of inactivity I promised myself that I will bounce back. I only have 11 months left to take the lab so I'll be studying full force when the new year arrives.

Anyways have a Merry Christmas and Happy New Year to be everybody. Let us overcome any hindrances that tries to stop us from getting our dreams fulfilled. Expect new posts coming when the new year comes. Enjoy!

It's Been A While

Again, its been a while since I posted something here. I miss the technical stuff I was doing and I could say I was 70% ready for the CCIE exam now I am back to mere 1%. I have a lot more things to share and once again I'll try to find time. Whatever happens my dream to be a CCIE still stands. Hope to hear good news from guys reading my posts.

New Job

It's just today that I have posted something here and the reason behind this is that I am moving to Singapore for a new job on first week of September. I have been very busy with employment passes and other things required for the transfer. My new job involves lesser technical job than what I did in Hewlett Packard but its around 50/50 similar to my current job in a bank. 50 percent for technical and 50 percent for network project management. Even though I lost the other half to project management :), its still related as I will be handling network projects specifically MPLS migrations. Will my pursuit for CCIE still continue? The answer is yes. I love the technical stuff and its still useful with my current job position. My studies for now is in a standstill though I have finished all the topics I need a round or two to go through again all of them.

I will be posting here topics from time to time since there are people who requested from me. I never thought there are people interested with my blog. :) I have created a Facebook page for those who view my blog entries and those who like to be my friends. Please join/like I WANT TO BE A CCIE in Facebook. See you there and keep in touch.

Answer: Reload Router By Telnet

Configure a default route from R1 pointing to R2's ip address. The challenge is to reboot R1
from a telnet command from R3 without typing the command "reload".  R3 should not telnet
directly to 12.12.12.1 but instead it should telnet 23.23.23.2 port 3000 to get to 12.12.12.1
port 3005. R1 should automatically ask to proceed to reboot and not ask for username/password
once the telnet from R3 is executed.

Solution is pretty simple. First we need to configure NATing on R2 to translate 23.23.23.2 port 3000 to 12.12.12.1 port 3005.

R2#
!
ip nat inside source static tcp 12.12.12.1 3005 23.23.23.2 3000 extendable
!
interface Serial1/3
 ip nat outside
interface Serial1/1
 ip nat inside

Lets also configure telnet password in R2 for testing.

line vty 0 4
password cisco
login

Now we have solved the first problem. There are 3 issues left on R1, how to make telnet not ask for a password, how to use port 3005 for telnet and how to make the reload automatic. Here's how the configuration should look like.

R1#
!
line vty 0 4
privilege level 15
no login
rotary 5
autocommand  reload

Setting the vty to "privilege level 15" and configuring "no login" by passes user authentication. By default if there is no password set the device will refuse connections. "Rotary 5" command lets you use port 2005, 3005, 4005 and so on for telnet. The "autocommand" feature executes whatever command after the telnet.

Let's test first telneting to 23.23.23.2 using default telnet port.

R3#telnet 23.23.23.2
Trying 23.23.23.2 ... Open


User Access Verification

Password:
R2>

We see it doesn't go to R1 but to R2 instead. Now to test using port 3000.

R3#telnet 23.23.23.2 3000
Trying 23.23.23.2, 3000 ... Open


System configuration has been modified. Save? [yes/no]:

Debug on R1
R1#debug ip packet
*Aug 26 15:47:43.299: IP: tableid=0, s=23.23.23.3 (Serial1/2), d=12.12.12.1 (Serial1/2), routed via RIB
*Aug 26 15:47:43.299: IP: s=23.23.23.3 (Serial1/2), d=12.12.12.1 (Serial1/2), len 44, rcvd 3
*Aug 26 15:47:43.307: IP: tableid=0, s=12.12.12.1 (local), d=23.23.23.3 (Serial1/2), routed via FIB
*Aug 26 15:47:43.307: IP: s=12.12.12.1 (local), d=23.23.23.3 (Serial1/2), len 44, sending

The debug clearly shows that the telnet came from R3. The telnet due to NAT redirected the traffic towards 12.12.12.1. Some people call this NAT redirection. Obviously this is not a practical way to reload routers but this is just for fun and to demonstrate how can be used to redirect traffic. I haven't seen any enterprise using this way to reload and will not see in the future. LOLS!

Lab Challenge: Reload Router By Telnet

Here's a little challenge, I thought of this during my train trip when I was going home this evening. This should be pretty easy. Consider the diagram below and the scenario.

Configure a default route from R1 pointing to R2's ip address. The challenge is to reboot R1
from a telnet command from R3 without typing the command "reload".  R3 should not telnet
directly to 12.12.12.1 but instead it should telnet 23.23.23.2 port 3000 to get to 12.12.12.1
port 3005. R1 should automatically ask to proceed to reboot and not ask for username/password
once the telnet from R3 is executed.

I believe this should be pretty easy for everyone. Let me know your thoughts on how to solve this challenge. I will post a blog entry regarding this for the next post. For now I need to get back to the belly of the IOS beast. Cheers!

Broadcast/Network Ping

If there is a need to ping several devices in one same subnet and broadcast domain, you can do several commands or ping like the one below.

R1#ping 10.1.1.255

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.255, timeout is 2 seconds:

Reply to request 0 from 10.1.1.2, 80 ms
Reply to request 0 from 10.1.1.3, 80 ms
Reply to request 0 from 10.1.1.4, 80 ms
Reply to request 1 from 10.1.1.4, 52 ms
Reply to request 1 from 10.1.1.2, 52 ms
Reply to request 1 from 10.1.1.3, 52 ms
Reply to request 2 from 10.1.1.3, 84 ms
Reply to request 2 from 10.1.1.4, 84 ms
Reply to request 2 from 10.1.1.2, 84 ms
Reply to request 3 from 10.1.1.2, 20 ms
Reply to request 3 from 10.1.1.4, 20 ms
Reply to request 3 from 10.1.1.3, 20 ms
Reply to request 4 from 10.1.1.3, 16 ms
Reply to request 4 from 10.1.1.4, 16 ms
Reply to request 4 from 10.1.1.2, 16 ms

You can also use the Network Address.

R1#ping 10.1.1.0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.0, timeout is 2 seconds:

Reply to request 0 from 10.1.1.4, 84 ms
Reply to request 0 from 10.1.1.2, 112 ms
Reply to request 0 from 10.1.1.3, 84 ms
Reply to request 1 from 10.1.1.2, 72 ms
Reply to request 1 from 10.1.1.3, 72 ms
Reply to request 1 from 10.1.1.4, 72 ms
Reply to request 2 from 10.1.1.4, 68 ms
Reply to request 2 from 10.1.1.2, 68 ms
Reply to request 2 from 10.1.1.3, 68 ms
Reply to request 3 from 10.1.1.3, 64 ms
Reply to request 3 from 10.1.1.4, 64 ms
Reply to request 3 from 10.1.1.2, 64 ms
Reply to request 4 from 10.1.1.4, 72 ms
Reply to request 4 from 10.1.1.3, 72 ms
Reply to request 4 from 10.1.1.2, 72 ms

You can also do a single ping command to check if all links in the routers are up or not. You can the following below. This works on all kinds of WAN interfaces connected to the router.

R1#ping 255.255.255.255 rep 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 2 seconds:

Reply to request 0 from 15.15.15.5, 16 ms
Reply to request 0 from 10.1.1.4, 16 ms
Reply to request 0 from 10.1.1.3, 16 ms
Reply to request 0 from 10.1.1.2, 16 ms

This command can be helpful during the CCIE lab exam to verify if interfaces are working. I assume that all who read this already knew this from their CCNA studies but I guess there are exceptions. Even the smartest Cisco Engineers forget basic commands sometimes. Let me know if you are one of those who didn't know this one.

Free Troubleshooting Lab

If you want to check out Narbik's troubleshooting workbook and want to get an idea of it, you can visit Dan's blog. This contains around 12 trouble tickets and 1 full TS lab challenge consisting of 10 trouble tickets. Good news is that these are Dynamips ready for those who don't have a real home labs.

If I am not mistaken, Dan is Narbik's partner in creating the Micronics Troubleshooting Workbooks. You can also find a free Narbik troubleshooting workbook in this link. Go check it out and have some fun!

Flag Counter

I have added a flag counter. I haven't realize I need to track from which countries readers are coming from. It's only after I got 25,000 visits based on the counter below the blog, I realized this. Thanks for the people who are visiting this blog.

If you have any topics you wish to request, please do. Despite of my busy schedules for work and study, I'll find time to blog the request.