Friday, August 22, 2008

Recover IOS using tftpdnld from ROMMON

On Cisco 2600, 2800 and 3800 Series routers you can recover a missing or corrupt IOS image over an Ethernet interface with Trivial File Transfer Protocol (TFTP), using the ROMmon tftpdnld command.
tftpdnld is much faster than recovering the IOS via Xmodem over the console port.

Several ROMmon variables must be set before tftpdnld can transfer a file to the router.
Type tftpdnld -h to see them:

rommon 1 > tftpdnld -h

usage: tftpdnld [-hr]

Use this command for disaster recovery only to recover an image via TFTP.
Monitor variables are used to set up parameters for the transfer.
(Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
"ctrl-c" or "break" stops the transfer before flash erase begins.

The following variables are REQUIRED to be set for tftpdnld:
IP_ADDRESS: The IP address for this unit
IP_SUBNET_MASK: The subnet mask for this unit
DEFAULT_GATEWAY: The default gateway for this unit
TFTP_SERVER: The IP address of the server to fetch from
TFTP_FILE: The filename to fetch

The following variables are OPTIONAL:
GE_PORT: Ethernet port number for download, 0 or 1 (default=0)
TFTP_MEDIA_TYPE: Media select for GE_PORT=0, 0(Copper) or 1(Fiber) (default=0)
TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose
TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=20)
TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200)
TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1)
TFTP_MACADDR: The MAC address for this unit
GE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx, 4=1000/fdx, 5=Auto (default)

Command line options:
-h: this help screen
-r: do not write flash, load to DRAM only and launch image


Below is an example of using tftpdnld to recover the IOS image c3845-adventerprisek9-mz.124-21.bin onto a Cisco 3845 router:

rommon 1 > IP_ADDRESS=171.68.171.0
rommon 2 > IP_ADDRESS=10.0.0.1
rommon 3 > IP_SUBNET_MASK=255.255.255.0
rommon 4 > DEFAULT_GATEWAY=10.0.0.13
rommon 5 > TFTP_SERVER=10.0.0.13
rommon 6 > TFTP_FILE=c3845-adventerprisek9-mz.124-21.bin
rommon 7 > tftpdnld

IP_ADDRESS: 10.0.0.1
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 10.0.0.13
TFTP_SERVER: 10.0.0.13
TFTP_FILE: c3845-adventerprisek9-mz.124-21.bin
GE_PORT: Ge0/0
TFTP_MEDIA_TYPE: Copper
GE_SPEED_MODE: Auto
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n: [n]: y

Receiving c3845-adventerprisek9-mz.124-21.bin from 10.0.0.13 !!!!!!!!!!!!!!!!!!!!!!!!!!!!
File reception completed.
Copying file c3845-adventerprisek9-mz.124-21.bin to flash.
Erasing flash at 0x607c0000
program flash location 0x60440000
rommon 8 >
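The variables above are easy to mistype at the rommon prompt, and tftpdnld only tells you after it has asked to erase flash. The following is an added example (not part of the original post and not Cisco code): it takes the VARIABLE=value lines exactly as typed, applies them in order (a later assignment overrides an earlier one, as the transcript does with IP_ADDRESS) and reports anything that would make the transfer fail: a missing required variable, an address that is not valid IPv4, a gateway outside the router's subnet, an optional variable outside its documented range, and TFTP_CHECKSUM turned off.

```python
"""Pre-flight check for the ROMmon tftpdnld variables.

Added example; it is not part of the original post and not Cisco code.
It takes the 'VARIABLE=value' lines as typed at the rommon prompt,
applies them in order (a later assignment overrides an earlier one, as
the post's transcript does with IP_ADDRESS) and reports anything that
would make the transfer fail before the flash-erase prompt is reached.
"""
import ipaddress

REQUIRED = ("IP_ADDRESS", "IP_SUBNET_MASK", "DEFAULT_GATEWAY",
            "TFTP_SERVER", "TFTP_FILE")
# Permitted values of the numeric optional variables from 'tftpdnld -h'.
OPTIONAL_VALUES = {
    "GE_PORT": {0, 1},
    "TFTP_MEDIA_TYPE": {0, 1},
    "TFTP_VERBOSE": {0, 1, 2},
    "TFTP_CHECKSUM": {0, 1},
    "GE_SPEED_MODE": {0, 1, 2, 3, 4, 5},
}

# The assignments from the post's transcript (copied, including the
# IP_ADDRESS that is typed twice).
SAMPLE_ROMMON_INPUT = """
rommon 1 > IP_ADDRESS=171.68.171.0
rommon 2 > IP_ADDRESS=10.0.0.1
rommon 3 > IP_SUBNET_MASK=255.255.255.0
rommon 4 > DEFAULT_GATEWAY=10.0.0.13
rommon 5 > TFTP_SERVER=10.0.0.13
rommon 6 > TFTP_FILE=c3845-adventerprisek9-mz.124-21.bin
rommon 7 > tftpdnld
"""


def parse_rommon_lines(text):
    """Apply 'NAME=value' assignments in order; the 'rommon N >' prompt is ignored."""
    env = {}
    for line in text.splitlines():
        command = line.split(">", 1)[1] if ">" in line else line
        command = command.strip()
        if "=" in command:
            name, value = command.split("=", 1)
            env[name.strip()] = value.strip()
    return env


def check_tftpdnld_env(env):
    """Return a list of problems; an empty list means tftpdnld can be started."""
    problems = []
    for name in REQUIRED:
        if not env.get(name):
            problems.append(f"{name} is required but not set")

    addrs = {}
    for name in ("IP_ADDRESS", "DEFAULT_GATEWAY", "TFTP_SERVER"):
        if env.get(name):
            try:
                addrs[name] = ipaddress.IPv4Address(env[name])
            except ValueError:
                problems.append(f"{name}={env[name]!r} is not a valid IPv4 address")

    if "IP_ADDRESS" in addrs and env.get("IP_SUBNET_MASK"):
        try:
            net = ipaddress.IPv4Network(
                f"{addrs['IP_ADDRESS']}/{env['IP_SUBNET_MASK']}", strict=False)
        except ValueError:
            problems.append(f"IP_SUBNET_MASK={env['IP_SUBNET_MASK']!r} is not a valid mask")
        else:
            if addrs["IP_ADDRESS"] in (net.network_address, net.broadcast_address):
                problems.append("IP_ADDRESS is the network or broadcast address of its subnet")
            if "DEFAULT_GATEWAY" in addrs and addrs["DEFAULT_GATEWAY"] not in net:
                problems.append("DEFAULT_GATEWAY is not inside the IP_ADDRESS subnet")

    for name, allowed in OPTIONAL_VALUES.items():
        value = env.get(name)
        if value is not None and (not value.isdigit() or int(value) not in allowed):
            problems.append(f"{name}={value!r} must be one of {sorted(allowed)}")
    if env.get("TFTP_CHECKSUM") == "0":
        problems.append("TFTP_CHECKSUM=0 skips the image checksum test; keep the default of 1")
    return problems


if __name__ == "__main__":
    settings = parse_rommon_lines(SAMPLE_ROMMON_INPUT)
    for name in sorted(settings):
        print(f"{name}: {settings[name]}")
    print("problems:", check_tftpdnld_env(settings) or "none")
```

Run against the transcript it reports no problems and shows that the second IP_ADDRESS won; the checksum test is kept on because TFTP itself has no integrity protection, so the checksum and the published hash of the image are the only things that tell you the file arrived unchanged.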


References:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008015bf9e.shtml

Friday, May 30, 2008

Configuring Cisco HWIC-3G

Some people have asked me about configuring the HWIC-3G-GSM or HWIC-3G-CDMA module. To read more about these modules, open this link: http://www.cisco.com/go/3g

Basically, the Cisco 3G Wireless WAN HWIC provides a cost-effective alternative to ISDN dial backup and provides business continuity for critical applications:
  • Offers broadband data rates up to 3.2 Mbps with EVDO and 3.6 Mbps with HSDPA
  • Supports CDMA and GSM/UMTS standards (EVDO Rev A / HSDPA)
  • Target applications: WAN backup, rapid deployment, portable applications
  • Supported on Cisco 1841 / 2800 / 3800 Series routers
  • Embedded mini PCI Express cellular modem from Sierra Wireless
  • Modem firmware is upgradeable; it is not bundled with IOS
  • Multiple external antenna options for in-building deployments

Firmware

Sierra Wireless modem firmware is not bundled with IOS. A modem firmware upgrade may be required for bug fixes and enhancements.

Search for new firmware here: http://www.cisco.com/kobayashi/sw-center/sw-wireless.shtml

IOS command to upgrade the firmware:
microcode reload cellular <pa-bay> <slot> cdma modem-provision
where pa-bay is 0 for an HWIC and slot is the slot number the 3G HWIC is plugged into (0-3); for the HWIC-3G-GSM the keyword is gsm instead of cdma.

Note: The firmware is packaged as a TAR archive. After copying it to the router's flash, use the following command to untar it (replace <firmware-tar-file> with the archive's file name):
archive tar /xtract flash:<firmware-tar-file> flash:


HWIC Insertion and Recognition

Router#show version
1 Virtual Private Network (VPN) Module
1 Cellular interface
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.

Router#show diag
WIC Slot 0:
3G WWAN HWIC-HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz
...
Product (FRU) Number : HWIC-3G-GSM
Version Identifier : NA

Router#show run
!
interface Cellular0/0/0
no ip address
shutdown
!



Profile Configuration CLI

Up to 16 profiles can be configured at one time; when no profile is selected, profile 1 is used.

GSM profile configuration commands:
cellular x/x/x gsm profile create <profile-number> <apn> [chap|pap] <username> <password>
cellular x/x/x gsm profile delete <profile-number>


Profile Selection
Select the profile with "ATDT*98*<profile-number>#" in the dialer chat script.

Router# cellular 0/0/0 gsm profile create 1 ISP.CINGULAR chap ISP@CINGULARGPRS.COM CINGULAR1

Profile 1 = INACTIVE*
--------
PDP Type = IPv4, Header Compression = OFF
Data Compression = OFF
Access Point Name (APN) = ISP.CINGULAR
Authentication = PAP
Username: ISP@CINGULARGPRS.COM, Password: CINGULAR1



New Cellular Interface configuration

The new Cellular interface is an async serial interface and requires the following configuration.

PPP configuration:
encapsulation ppp
ppp chap hostname <hostname>
ppp chap password <password>
ppp ipcp dns request

Dialer configuration:
async mode interactive
dialer in-band

IP address configuration:
ip address negotiated

Sample Configuration:

interface Cellular0/0/0
ip address negotiated
ip nat outside
encapsulation ppp
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname dummy
ppp chap password 0 dummy
ppp ipcp dns request
!


Dialer/Chat Scripts

ATDT*98*<profile-number>#
where profile-number can be 1-16 and selects the modem profile used for the call.

Example chat script:
chat-script gsm "" "ATDT*98*2#" TIMEOUT 30 CONNECT

For the default profile 1, the profile number can be left out of the chat script:
chat-script gsm "" "ATDT*98#" TIMEOUT 30 CONNECT



Configuration Examples

Here we have 3G as the primary connection, with a dynamic IP address and the router acting as a DHCP server. The laptop connects to the router over wireless; the router has an HWIC-AP module installed.

bridge irb
!
dot11 ssid test
authentication open
!
ip dhcp pool wlan-client
network 10.4.0.0 255.255.0.0
! the default router handed out must be the BVI address inside the pool's network
default-router 10.4.0.1
dns-server 66.102.163.231 66.102.163.232
!
chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
!
interface Dot11Radio0/2/0
no ip address
!
ssid test
!
bridge-group 1
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
encapsulation ppp
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname cisco@wwan.ccs
ppp chap password 0 cisco
ppp ipcp dns request
!
interface BVI1
ip address 10.4.0.1 255.255.0.0
ip nat inside
!
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
ip nat inside source list 10 interface Cellular0/0/0 overload
!
access-list 1 permit any
! access-list 10 is the one the NAT statement refers to: the inside LAN only
access-list 10 permit 10.4.0.0 0.0.255.255
dialer-list 1 protocol ip list 1
!
bridge 1 route ip
!
line 0/0/0
exec-timeout 0 0
script dialer gsm
login
modem InOut
no exec
!
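A cellular dialer configuration like the one above has several names that must agree with each other (dialer string and chat-script, dialer-group and dialer-list, the NAT access list), and a chat script that must select a profile that exists. The following is an added example, not from the original post and not Cisco code: a small linter that scans an IOS configuration text for the commands the post lists for the Cellular interface, checks those cross-references, validates the ATDT*98*<profile># dial string against the 1-16 profile range from the Profile Selection section, and flags a CHAP password kept as type 0. The sample configuration inside it is constructed and deliberately refers to an access list that is never defined.

```python
"""Cross-reference check for a Cellular (3G HWIC) dialer configuration.

Added example, not from the post and not Cisco code. It scans an IOS
configuration for the commands the post says the Cellular interface
needs, and for the names that have to agree with each other:
'dialer string X' needs a 'chat-script X', 'dialer-group N' needs a
'dialer-list N', and 'ip nat inside source list N' needs an
'access-list N'. It also flags a chat script whose dial string does
not select a profile in the 1-16 range and a CHAP password kept as
type 0 (readable by anyone who can view the configuration).
The sample configuration below is constructed and deliberately refers
to an access list that is never defined.
"""
import re

REQUIRED_ON_CELLULAR = (
    "ip address negotiated",
    "encapsulation ppp",
    "dialer in-band",
    "async mode interactive",
    "ppp chap hostname",
    "ppp chap password",
    "ppp ipcp dns request",
)
# ATDT*98# selects the default profile 1; ATDT*98*<n># selects profile n.
# *99# is the dial string the post's configuration example uses.
DIAL_STRING = re.compile(r'"ATDT\*9[89](?:\*(\d{1,2}))?#"')

SAMPLE_CONFIG = """\
chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
!
interface Cellular0/0/0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer in-band
 dialer string gsm
 dialer-group 1
 async mode interactive
 ppp chap hostname user@example.invalid
 ppp chap password 0 secret123
 ppp ipcp dns request
!
ip nat inside source list 10 interface Cellular0/0/0 overload
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
!
"""


def cellular_stanza(config):
    """Lines under the first 'interface Cellular...' up to the next '!' or interface."""
    body, inside = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface Cellular"):
            inside = True
            continue
        if inside:
            if line == "!" or line.startswith("interface "):
                break
            body.append(line)
    return body


def _defined(config, pattern):
    return re.search(pattern, config, re.M) is not None


def lint_cellular_config(config):
    """Return a list of findings (empty when nothing is wrong)."""
    findings = []
    stanza = cellular_stanza(config)
    if not stanza:
        return ["no 'interface Cellular' stanza found"]
    for needed in REQUIRED_ON_CELLULAR:
        if not any(line.startswith(needed) for line in stanza):
            findings.append(f"Cellular interface is missing '{needed}'")

    m = re.search(r"^\s*dialer string (\S+)", config, re.M)
    if m and not _defined(config, rf"^\s*chat-script {re.escape(m.group(1))} "):
        findings.append(f"dialer string '{m.group(1)}' has no matching chat-script")
    m = re.search(r"^\s*dialer-group (\d+)", config, re.M)
    if m and not _defined(config, rf"^\s*dialer-list {m.group(1)} "):
        findings.append(f"dialer-group {m.group(1)} has no matching dialer-list")
    for m in re.finditer(r"^\s*ip nat inside source list (\d+)", config, re.M):
        if not _defined(config, rf"^\s*access-list {m.group(1)} "):
            findings.append(f"NAT references access-list {m.group(1)}, which is not defined")

    for m in re.finditer(r"^\s*chat-script .*$", config, re.M):
        dial = DIAL_STRING.search(m.group(0))
        if dial is None:
            findings.append("chat-script dial string is not of the form ATDT*98*<profile>#")
        elif dial.group(1) and not 1 <= int(dial.group(1)) <= 16:
            findings.append(f"chat-script selects profile {dial.group(1)}; only 1-16 exist")

    if _defined(config, r"^\s*ppp chap password 0 "):
        findings.append("ppp chap password is stored as type 0 (clear text in the configuration)")
    return findings


if __name__ == "__main__":
    for finding in lint_cellular_config(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

The stanza is cut at the next "!" or "interface" line rather than by indentation, so the check works both on a running-config and on the flattened listings in this post.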



Sunday, May 25, 2008

How to Configure an Access Server for Lab

If you watch CBT Nuggets, TrainSignal or Cisco Video Mentor, the instructors switch between devices easily. That's where an access server comes into play.
Moving around to plug and unplug a console cable from one device to another gets tiring every time you want to configure or access a different device. The solution is to buy and configure an access server.
The remote labs from Internetwork Expert at racks.internetworkexpert.com also use an access server.

If the async port is a serial connector, like the 2511 pictured below, you will need a special octal cable (CAB-OCTAL-ASYNC). If the access server's async ports are RJ-45, a basic RJ-45-to-RJ-45 rollover cable is all you need.

Once you've got your access server (AS) and the appropriate cable, you're ready to configure it. Below is an example diagram of how to connect the AS to the devices: you connect one of the RJ-45 connectors to the console port of each device that has one. If you're using an octal cable, note the number printed on the cable right below each connector, because that number is what matters.

In the above example, we have an access server, 2 routers, 1 switch and 1 ASA.
Router 1 (R1) is plugged in using the 1st cable and will use port 2001, the 2nd cable will be port 2002, and so on.

Basically we only need to configure a loopback interface and, for each device, an ip host entry with the name and port that point to the loopback address. The basic configuration looks like this:
hostname AS
!
!
ip host ASA 2004 1.1.1.1
ip host S1 2003 1.1.1.1
ip host R2 2002 1.1.1.1
ip host R1 2001 1.1.1.1
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
no ip directed-broadcast
!
There are two ways to connect to the devices attached to an access server: you can terminate your exec session on the access server itself (one terminal window for all sessions), or you can terminate your exec session on the device connected to the access server (one terminal window for each session).

When you terminate your exec session on the access server, you then "reverse telnet" to the individual devices connected to it. Normally you first log in to the access server and issue the "show hosts" command to see the host mappings. Next, reverse telnet to a device by typing its hostname and pressing Enter. To get back to the access server, issue the escape sequence CTRL-SHIFT-6 X: hold Ctrl and Shift, hit 6, release all keys, then hit X. From the access server you can then open new connections or resume connections you already have open.

When you terminate your exec session on the device connected to the access server, i.e. by telnetting to the access server on port 2001, you cannot issue the escape sequence to get back to the access server. In this situation you open multiple terminal windows if you want to connect to multiple devices.

In my office lab, I made it similar to the Internetwork Expert rack labs, using login local with multiple users plus a menu.
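The port numbering is mechanical (cable n answers on port 2000+n), which makes it easy to generate and just as easy to get wrong when a rack grows. The following is an added example, not from the original post and not Cisco code: it builds the ip host table the post shows from the devices in cable order, adds the standard IOS menu statements for the "login local plus a menu" setup (the menu name LAB is constructed), and checks an existing host table for duplicate ports, ports that do not map to an async line, and entries pointing somewhere other than the loopback.

```python
"""Host table and menu for a lab access server.

Added example, not from the post and not Cisco code. Given the devices
in octal-cable order it emits the 'ip host NAME PORT LOOPBACK' lines
the post shows (cable n is reached by reverse telnet on port 2000+n)
and, for the 'login local plus a menu' setup the post mentions, the
standard IOS 'menu' statements under a constructed menu name, LAB.
check_host_table() parses existing 'ip host' lines and reports duplicate
ports, ports outside the async line range and entries that do not point
at the loopback address.
"""
import re

REVERSE_TELNET_BASE = 2000          # async line n answers on TCP port 2000+n
HOST_LINE = re.compile(r"^\s*ip host (\S+) (\d+) (\S+)\s*$", re.M)

# Constructed rack: the post's four devices in cable order.
LAB_DEVICES = ["R1", "R2", "S1", "ASA"]


def build_host_table(devices, loopback="1.1.1.1"):
    """Loopback plus one 'ip host' line per device, first cable -> port 2001."""
    lines = ["interface Loopback0", f" ip address {loopback} 255.255.255.255", "!"]
    for n, name in enumerate(devices, start=1):
        lines.append(f"ip host {name} {REVERSE_TELNET_BASE + n} {loopback}")
    return lines


def build_menu(devices, loopback="1.1.1.1", menu="LAB"):
    """Menu that offers one reverse-telnet choice per device plus an exit item."""
    lines = [f"menu {menu} title ^C Lab access server ^C",
             f"menu {menu} prompt ^C Select a device: ^C",
             f"menu {menu} line-mode",
             f"menu {menu} clear-screen"]
    for n, name in enumerate(devices, start=1):
        lines.append(f"menu {menu} text {n} Connect to {name}")
        lines.append(f"menu {menu} command {n} telnet {loopback} {REVERSE_TELNET_BASE + n}")
    lines.append(f"menu {menu} text q Exit")
    lines.append(f"menu {menu} command q exit")
    return lines


def check_host_table(config, loopback="1.1.1.1", async_lines=16):
    """Problems found in the 'ip host' lines of an access-server configuration."""
    problems, seen = [], {}
    for name, port, ip in HOST_LINE.findall(config):
        port = int(port)
        line_no = port - REVERSE_TELNET_BASE
        if not 1 <= line_no <= async_lines:
            problems.append(f"{name}: port {port} does not map to an async line 1-{async_lines}")
        if port in seen:
            problems.append(f"{name}: port {port} is already used by {seen[port]}")
        seen.setdefault(port, name)
        if ip != loopback:
            problems.append(f"{name}: points at {ip} instead of the loopback {loopback}")
    return problems


if __name__ == "__main__":
    config = build_host_table(LAB_DEVICES) + build_menu(LAB_DEVICES)
    print("\n".join(config))
    print("problems:", check_host_table("\n".join(config)) or "none")
```

Attach the menu to a user with "username NAME autocommand menu LAB" so that a local login lands on the device list instead of an exec prompt; the async_lines argument should match the number of lines on your access server (16 for an octal-cable 2511).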

For more information watch this class-on-demand video on using an Access Server.

Wednesday, May 7, 2008

Extract a file or copy a folder from TFTP to flash

Sometimes you need to copy a bunch of files or a folder, or extract an archive file, to a Cisco device. For instance, you may need to upgrade the IOS of a Cisco Catalyst switch or a Cisco Aironet access point, and for a newer IOS Cisco usually provides an archive.
For example, a 1200 Aironet IOS image is published on cisco.com as c1200-k9w7-tar.123-8.JA2.tar.
That is a bit different from a Cisco router image, which is usually a *.bin file.

If you extract the c1200-k9w7-tar.123-8.JA2.tar file, you get the image itself, named c1200-k9w7-mx.123-8.JA2, along with a couple of other files.
You will need to copy all these files into your access point.

So how do we copy the image to the access point?
Do we need to copy the files one by one from TFTP using the "copy tftp flash" command?
The answer is no; that's where the "archive tar" command comes into play.

In the example below, I extract the c1200-k9w7-tar.123-8.JA2.tar file from my TFTP server (192.168.3.250) directly into the Cisco Aironet's flash:
ap#archive tar /xtract tftp://192.168.3.250/c1200-k9w7-tar.123-8.JA2.tar flash:
Loading c1200-k9w7-tar.123-8.JA2.tar from 192.168.3.250 (via BVI1): !
extracting info (274 bytes)
c1200-k9w7-mx.123-8.JA2/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JA2/html/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JA2/html/level/ (directory) 0 (bytes)
c1200-k9w7-mx.123-8.JA2/html/level/1/ (directory) 0 (bytes)
extracting c1200-k9w7-mx.123-8.JA2/html/level/1/appsui.js (557 bytes)
extracting c1200-k9w7-mx.123-8.JA2/html/level/1/back.shtml (498 bytes)!
...
(output truncated)
...
c1200-k9w7-mx.123-8.JA2/html/level/15/ap_contextmgr_scm_summary.shtml.gz (5559 bytes)!
extracting c1200-k9w7-mx.123-8.JA2/c1200-k9w7-mx.123-8.JA2 (3654874 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (progress marks trimmed)
extracting c1200-k9w7-mx.123-8.JA2/5001.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/5101.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/6301.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/6701.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/6701_cal.img (131328 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1200-k9w7-mx.123-8.JA2/info (274 bytes)
extracting info.ver (274 bytes)!
[OK - 5017600 bytes]
This is just a trick. To upgrade the IOS image of a Cisco device you would normally use the archive download-sw command, or the web GUI on a Cisco Aironet access point.
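archive tar /xtract writes every member of the archive into flash exactly as named, so it is worth looking inside the tar before pointing the device at it. The following is an added example, not from the original post and not Cisco code: it lists the members, rejects absolute paths, ".." components and link entries, checks that everything sits under one image directory (c1200-k9w7-mx.123-8.JA2/... in the listing above) apart from the top-level info and info.ver files the output shows, and computes the archive's MD5 and SHA-256 so they can be compared with the checksum published next to the download. The archive it inspects is constructed in memory with placeholder contents.

```python
"""Inspect an image archive before extracting it onto a device.

Added example, not from the post and not Cisco code. 'archive tar
/xtract' writes every member of the archive into flash, so this looks
inside the tar first: it lists the members, refuses absolute paths and
'..' components, refuses link entries, checks that every member sits
under one top-level image directory (c1200-k9w7-mx.123-8.JA2/... in
the post's listing) apart from the 'info' and 'info.ver' files that
listing shows at the top level, and computes the archive's MD5 and
SHA-256 for comparison with the checksum published with the download.
The archive used here is constructed in memory.
"""
import hashlib
import io
import tarfile

TOP_LEVEL_FILES = {"info", "info.ver"}


def build_sample_tar(image_dir="c1200-k9w7-mx.123-8.JA2", extra_members=()):
    """Constructed archive shaped like the post's listing (tiny placeholder contents)."""
    members = [
        ("info", b"constructed info file\n"),
        (f"{image_dir}/{image_dir}", b"\x00" * 64),
        (f"{image_dir}/html/level/1/appsui.js", b"// constructed\n"),
        (f"{image_dir}/info", b"constructed info file\n"),
        ("info.ver", b"constructed info file\n"),
    ] + list(extra_members)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_image_tar(data):
    """Return (image_dir, problems, digests) for the raw archive bytes.

    image_dir is None when the members do not share exactly one top-level
    directory; problems is empty when the archive is safe to extract.
    """
    problems, image_dirs = [], set()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        for member in tar.getmembers():
            name = member.name
            parts = name.split("/")
            if name.startswith("/") or ".." in parts:
                problems.append(f"unsafe path: {name}")
                continue
            if member.issym() or member.islnk():
                problems.append(f"link member: {name}")
                continue
            if len(parts) == 1:
                if name not in TOP_LEVEL_FILES:
                    problems.append(f"unexpected top-level member: {name}")
            else:
                image_dirs.add(parts[0])
    if len(image_dirs) != 1:
        problems.append(f"expected one image directory, found {sorted(image_dirs)}")
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    image_dir = next(iter(image_dirs)) if len(image_dirs) == 1 else None
    return image_dir, problems, digests


if __name__ == "__main__":
    archive = build_sample_tar()
    image_dir, problems, digests = audit_image_tar(archive)
    print("image directory:", image_dir)
    print("problems:", problems or "none")
    print("md5:", digests["md5"])
    print("sha256:", digests["sha256"])
```

Compare the printed digest with the value on the download page before copying the archive to the TFTP server; TFTP itself offers no integrity check, so the comparison is the only evidence that what the access point extracts is what Cisco published.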

Sunday, March 9, 2008

Frame Relay Switching over a Tunnel

In 1996 Cisco Systems joined with StrataCom, a leading supplier of Asynchronous Transfer Mode (ATM) and Frame Relay high-speed wide area network (WAN) switching equipment that integrates and transports a wide variety of information, including voice, data and video.
Cisco MGX multiservice switches provide Frame Relay services at the provider edge.
In a lab, we can configure Cisco IOS on standard routers and access servers to provide Frame Relay switching.

There are several ways to relay frames in IOS:
  1. DCE-DCE (multiple DCE interfaces), basic switching using the frame-relay route command
  2. DCE-DCE (multiple DCE interfaces, on newer IOS such as 12.2T), using the connect command
  3. Hybrid, 1 DCE and 1 DTE
  4. Back-to-back, which requires LMI to be disabled with no keepalive
  5. Tunnel methods
To learn how to configure a Cisco router as a Frame Relay switch, you can read my friend awa's blog here.

Here I will give some configuration examples of a Frame Relay switch using the tunnel method.
Suppose you need a 4-port Frame Relay switch to build a full-mesh Frame Relay topology, but all you have is 2 Cisco routers with 2 serial and 1 Ethernet interface each.
IOS lets us send switched Frame Relay frames over an IP tunnel. This permits the Frame Relay encapsulated serial interfaces to be located on different routers.
The diagram below may look complex, but it is only a full-mesh Frame Relay topology.

There are 2 fundamental tricks used to get this to work:
  1. Using the tunnel interface as the destination in the frame-relay route statements
  2. Making sure the same PVC is referenced by the same DLCI on both sides of the tunnel
Configuration of SW1:
frame-relay switching
!
interface serial 0
no ip address
encapsulation frame-relay
no fair-queue
clock rate 128000
frame-relay intf-type dce
frame-relay route 102 interface Tunnel0 122
frame-relay route 103 interface Tunnel0 123
frame-relay route 104 interface Serial3 401
!
interface tunnel 0
ip unnumbered ethernet 0
tunnel source ethernet 0
tunnel destination 172.16.10.5

Configuration of SW2:
frame-relay switching
!
interface serial 1/0
no ip address
encapsulation frame-relay
clock rate 128000
frame-relay intf-type dce
frame-relay route 201 interface Tunnel0 122
frame-relay route 203 interface Serial1/1 302
frame-relay route 204 interface Tunnel0 422
!
interface tunnel 0
ip unnumbered FastEthernet 0/0
tunnel source FastEthernet 0/0
tunnel destination 172.16.10.7

Frame Relay Basics

Frame Relay is an OSI Layer 2 Wide Area Network Protocol. It is commonly implemented as a WAN access protocol on the link between the customer and the provider edge. It also can be implemented as core protocol.
Frame Relay permits multiple Permanent Virtual Circuits (PVC) to use the same physical link, providing a kind of Layer 2 VPN between customer locations. These PVCs can be flexibly designed as Full Mesh or Hub and Spoke depending on traffic patterns and budgets.

Frames are relayed using the Data Link Connection Identifier (DLCI). The DLCI uniquely identifies traffic for a given PVC on a given physical channel; it is a 10-bit number that can vary between 0 and 1023. I will use the diagram below to explain the usage of DLCIs.

If HQ wants to send packets destined for Branch A, HQ's router needs to know which DLCI to use for a packet whose next hop is 123.2. This mapping of the far-side Layer 3 address to the near-side Layer 2 address can be created statically or dynamically using Inverse ARP.
From the mapping table the router determines that traffic with the next hop of 123.2 should go out on the PVC designated by DLCI 102. It encapsulates the packet in a frame, puts DLCI 102 in the frame header, and sends it out the interface to Switch1. Switch1 replaces DLCI 102 in the frame header with DLCI 112 and sends it on to Switch2. Switch2 rewrites the header with DLCI 201 and sends the frame on to the Branch A router. The same process takes place for packets from HQ destined for Branch B.

In the diagram, you see the headquarters and branches connected over Frame Relay. The Frame Relay service provider cloud consists of two switches, SW1 and SW2, which are Cisco routers configured for Frame Relay switching. Notice that the customer routers connected to the Frame Relay cloud share the same subnet, 172.16.123.x.

Frame Relay interfaces in Cisco can be configured as:
  • DTE (Data Terminal Equipment), Serial interfaces at R1, R2, and R3 as routed interfaces
  • DCE (Data Communications Equipment), Serial 1/0 at Switch 1, Serial 0 and Serial 2 at Switch S2
  • NNI (Network-to-Network Interface), Serial 0/0 at Switch 1, Serial 1 at Switch S2

Configuration of DTE interfaces in R1:
interface serial 1/0
ip address 172.16.123.1 255.255.255.0
encapsulation frame-relay
clock rate 128000
no dce-terminal-timing-enable
Configuration of DCE interfaces in SW1:
frame-relay switching
!
interface serial 1/0
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 102 interface serial 0/0 112
frame-relay route 103 interface serial 0/0 113
Configuration of NNI interfaces in SW1:
interface serial 0/0
no ip address
encapsulation frame-relay
no fair-queue
frame-relay intf-type nni
frame-relay route 112 interface serial 1/0 102
frame-relay route 113 interface serial 1/0 103
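The DLCI rewriting described in this section (102 at HQ becomes 112 on the NNI link and 201 toward Branch A) and the second rule of the tunnel method above (a PVC must use the same DLCI on both ends of the tunnel) can both be checked mechanically from the frame-relay route statements. The following is an added example, not from the original post and not Cisco code: it parses each switch's route lines into a table, traces one frame across the provider cloud hop by hop, reports routes that have no reverse entry (a PVC that passes traffic one way only), and lists tunnel DLCIs that appear on one switch but not the other. SW1's routes are the ones in this section; the NNI wiring and SW2's routes are constructed to complete the path to Branch A.

```python
"""Model of how 'frame-relay route' entries rewrite DLCIs across switches.

Added example, not from the post and not Cisco code. Each switch becomes
a table {(in_if, in_dlci): (out_if, out_dlci)} built from its
'frame-relay route' lines. trace() follows one frame across the
provider cloud the way the post describes (DLCI 102 at SW1 becomes 112
on the NNI link and 201 toward Branch A), check_symmetry() finds routes
without a reverse entry, and unmatched_tunnel_dlcis() applies the
post's second rule for the tunnel method: a PVC must use the same DLCI
on both ends of the tunnel. SW1's routes are the post's; the NNI link
and SW2's routes are constructed to complete the path to Branch A.
"""
import re

ROUTE = re.compile(r"frame-relay route (\d+) interface (.+?) (\d+)$")

SW1_CONFIG = """
interface serial 1/0
 frame-relay intf-type dce
 frame-relay route 102 interface serial 0/0 112
 frame-relay route 103 interface serial 0/0 113
interface serial 0/0
 frame-relay intf-type nni
 frame-relay route 112 interface serial 1/0 102
 frame-relay route 113 interface serial 1/0 103
"""
# Constructed: SW2's NNI is serial 1, Branch A is on serial 0, Branch B on serial 2.
SW2_CONFIG = """
interface serial 1
 frame-relay intf-type nni
 frame-relay route 112 interface serial 0 201
 frame-relay route 113 interface serial 2 301
interface serial 0
 frame-relay route 201 interface serial 1 112
interface serial 2
 frame-relay route 301 interface serial 1 113
"""
# Wiring between switches: (switch, interface) -> (switch, interface).
LINKS = {("SW1", "serial0/0"): ("SW2", "serial1"),
         ("SW2", "serial1"): ("SW1", "serial0/0")}


def _ifname(text):
    """'serial 0/0' and 'Serial0/0' become the same key."""
    return text.replace(" ", "").lower()


def parse_switch(config):
    """Build the switching table of one switch from its configuration text."""
    table, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = _ifname(line.split(None, 1)[1])
            continue
        m = ROUTE.search(line)
        if m and current:
            table[(current, int(m.group(1)))] = (_ifname(m.group(2)), int(m.group(3)))
    return table


def check_symmetry(table):
    """Routes whose reverse (out_if, out_dlci) -> (in_if, in_dlci) is missing."""
    return [f"{a} dlci {b} -> {c} dlci {d} has no reverse route"
            for (a, b), (c, d) in table.items() if table.get((c, d)) != (a, b)]


def trace(switches, links, switch, in_if, dlci, max_hops=8):
    """Hops (switch, in_if, in_dlci, out_if, out_dlci) until the frame leaves the cloud."""
    hops = []
    for _ in range(max_hops):
        out = switches[switch].get((in_if, dlci))
        if out is None:
            raise LookupError(f"{switch}: no route for DLCI {dlci} arriving on {in_if}")
        out_if, out_dlci = out
        hops.append((switch, in_if, dlci, out_if, out_dlci))
        peer = links.get((switch, out_if))
        if peer is None:          # not wired to another switch: customer-facing port
            return hops
        switch, in_if, dlci = peer[0], peer[1], out_dlci
    raise RuntimeError("hop limit reached; check for a switching loop")


def unmatched_tunnel_dlcis(table_a, table_b, tunnel="tunnel0"):
    """DLCIs routed onto the tunnel on one switch but not on the other."""
    on_a = {d for (_, _), (i, d) in table_a.items() if i == tunnel}
    on_b = {d for (_, _), (i, d) in table_b.items() if i == tunnel}
    return sorted(on_a ^ on_b)


if __name__ == "__main__":
    switches = {"SW1": parse_switch(SW1_CONFIG), "SW2": parse_switch(SW2_CONFIG)}
    for hop in trace(switches, LINKS, "SW1", "serial1/0", 102):
        print("%s: %s dlci %d -> %s dlci %d" % hop)
    for name, table in switches.items():
        print(name, "symmetry problems:", check_symmetry(table) or "none")
```

Running it prints the two hops from the text (SW1 102 to 112, SW2 112 to 201); feeding it a switch whose NNI routes point back at the NNI interface itself shows up immediately as a route with no reverse entry.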

Sunday, February 10, 2008

Cisco SDM (Security Device Manager)

What is SDM?
SDM stands for Security Device Manager. Cisco originally wanted a way to secure Cisco devices through a short wizard-driven walkthrough, so that locking a device down does not require deep security knowledge. Later they kept adding features to SDM, such as monitoring and traffic views, but it is still called SDM.

It is a web-based, Java-based application and it works on all mainline Cisco routers.
Mainline means the mainstream routers usually used by organizations, like the 2800, 2600, 3600, 2800, 1800 and 800 series. The non-mainstream ones are the extremely advanced series used by service providers; at that level people usually don't need a GUI and prefer the console, as on old routers. SDM is designed to allow IOS configuration without extensive knowledge.


How to get SDM?


SDM usually ships on the flash of every Cisco router bought from Cisco or a Cisco reseller, so when you point your browser at the router it opens SDM automatically. If the router doesn't come with SDM, you can get it free of charge at http://www.cisco.com/go/sdm.

SDM can be installed on your PC, on the router's flash, or on both.
If you install it ONLY on the router's flash, you can open SDM from another PC that doesn't have it; the PC downloads SDM from the router and runs it from there. The disadvantage is that anything running from the router's flash is slow and takes longer to load, not as smooth as running it from the PC.
If you install SDM ONLY on the PC and not on the router's flash, you run the program locally on the PC. Then you can point it at the IP address of any router you want to manage without installing SDM on the router, which is a very nice option.

How to configure a Cisco router to support SDM?
  1. Put a domain name
  2. Generate Encryption Keys (used in SSH and HTTPS)
  3. Turn on the HTTP/HTTPS Servers & telnet/SSH for the router
  4. Create a privilege level 15 user account
  5. Enabling the telnet/SSH
  6. Configure vty & http access ports for privilege level 15 and to use the local user database
  7. Install java on your PC and access the router using a web browser (if SDM is installed on router) or open up the Cisco SDM software (if SDM is installed on PC)
In order to generate the cryptographic keys, we must first set a domain name:
R1(config)#ip domain-name [domain name]
Generate the RSA key pair. RSA keys are used to secure SSH and HTTPS; in this example I generate a 1024-bit key:
R1(config)#crypto key generate rsa general-keys
...
How many bits in the modulus [512]: 1024
% Generating 1024 ...
Turn on the HTTP (80)/HTTPS (443) servers and have them authenticate against the local user database:
R1(config)#ip http server
R1(config)#ip http secure-server
R1(config)#ip http authentication local
Create a privilege level 15 user account, the highest level (also called enable mode):
R1(config)#username [name] privilege 15 {password | secret} [password]
Enable telnet/SSH, and configure the vty lines for privilege level 15 and the local user database:
R1(config)#line vty 0 4
R1(config-line)#privilege level 15
R1(config-line)#login local
R1(config-line)#transport input [all | none | telnet | ssh]
(Optional) Enable local logging to support the log monitoring function:
Router(config)# logging buffered 51200 warning
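Every one of these steps opens a management path into the router, and each has a stronger and a weaker form: secret versus password for the level-15 user, transport input ssh versus all, HTTPS alone versus HTTP beside it, and the size of the RSA key. The following is an added example, not from the original post and not Cisco code: it reads a configuration text, reports which of the preparation steps are missing, and lists the weaker choices. Because the RSA key pair does not appear in the running configuration, its modulus is passed in separately (as read from show crypto key mypubkey rsa). The sample configuration is constructed and contains every weak choice on purpose.

```python
"""Audit the management-plane setup that SDM needs, and how safely it was done.

Added example, not from the post and not Cisco code. audit_sdm_prep()
scans a configuration text for the preparation steps the post lists
(domain name, HTTPS server with local authentication, a privilege-15
user, vty lines with privilege level 15, login local and a transport)
and returns what is missing, together with the choices that weaken the
router while enabling SDM: a clear-text 'ip http server' beside the
secure one, 'transport input all' or 'telnet' on the vty lines, and a
user stored with 'password' instead of 'secret'. The RSA key pair is
not part of the running configuration, so its modulus is passed in
separately. The sample configuration is constructed and contains every
weak choice on purpose.
"""
import re

SAMPLE_CONFIG = """\
hostname R1
ip domain-name lab.example.invalid
username admin privilege 15 password 7 0822455D0A16
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
 privilege level 15
 login local
 transport input all
end
"""


def _has(text, pattern):
    return re.search(pattern, text, re.M) is not None


def audit_sdm_prep(config, rsa_modulus=None):
    """Return {'missing': [...], 'weak': [...]} for the given configuration."""
    missing, weak = [], []

    if not _has(config, r"^ip domain[- ]name \S+"):
        missing.append("ip domain-name (needed before RSA keys can be generated)")
    if rsa_modulus is None:
        missing.append("RSA key pair (crypto key generate rsa)")
    elif rsa_modulus < 2048:
        weak.append(f"RSA modulus is {rsa_modulus} bits; generate 2048 bits or more")

    for command in ("ip http secure-server", "ip http authentication local"):
        if not _has(config, rf"^{command}$"):
            missing.append(command)
    if _has(config, r"^ip http server$"):
        weak.append("ip http server (clear-text HTTP) is enabled; keep only ip http secure-server")

    users = re.findall(r"^username (\S+) privilege 15 (password|secret) ", config, re.M)
    if not users:
        missing.append("username ... privilege 15")
    for name, kind in users:
        if kind == "password":
            weak.append(f"user {name} is stored with 'password' (reversible type 7); use 'secret'")

    vty = re.search(r"^line vty .*?(?=^line |^end\b|\Z)", config, re.M | re.S)
    if vty is None:
        missing.append("line vty")
    else:
        block = vty.group(0)
        if not _has(block, r"^\s*privilege level 15"):
            missing.append("privilege level 15 on line vty")
        if not _has(block, r"^\s*login local"):
            missing.append("login local on line vty")
        transport = re.search(r"^\s*transport input (.+)$", block, re.M)
        if transport is None:
            missing.append("transport input on line vty")
        elif transport.group(1).strip() != "ssh":
            weak.append(f"vty transport input '{transport.group(1).strip()}' allows "
                        "clear-text logins; use 'transport input ssh'")
    return {"missing": missing, "weak": weak}


if __name__ == "__main__":
    report = audit_sdm_prep(SAMPLE_CONFIG, rsa_modulus=1024)
    for kind, items in report.items():
        print(kind + ":", *(items or ["none"]), sep="\n  ")
```

On the sample it reports nothing missing and four weak choices; after switching the user to secret, removing ip http server, restricting the vty lines to ssh and generating a 2048-bit key, both lists are empty.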



Open up the SDM

Access the router using a web browser (if SDM is installed on the router) or open the Cisco SDM software (if SDM is installed on the PC) by navigating to:
Start Menu > All Programs > Cisco Systems > Cisco SDM > Cisco SDM

An SDM launcher will come up.

A window for level 15 user authentication will come up.

When loading, a second authentication window will come up, this one from the Java application.

The SDM will look like this:

One good feature is enabling the command preview from Edit Menu > Preferences.

After enabling command preview, a window showing the commands will pop up whenever we make a change to the configuration.

Sunday, February 3, 2008

Cisco Router Simulator with Dynamips / Dynagen

I will explain how to use our PC to emulate Cisco router hardware and run virtual IOS processes on our local desktop.

What is Dynamips?
Dynamips is an IOS virtualization program; it is similar in spirit to VMware on the desktop, in that it emulates different hardware platforms.
Dynamips is different from traditional simulators such as Boson, Packet Tracer and Router eSim.
Dynamips doesn't simulate IOS: it emulates the router hardware on the PC, boots real IOS images into separate logical router processes, and those routers can talk to each other with whatever protocols the IOS images support.

In order to run Dynamips you need:
-Windows / Mac OS / Linux
-The Dynamips "hypervisor", which emulates the router hardware
-Dynagen, which is used to create the configuration file and boot the hypervisor processes
-Dynamips is included in the Dynagen installer package
-Actual IOS images
-Any terminal emulation software, such as HyperTerminal, SecureCRT, Tera Term, etc.

Windows (click here for Video Tutorial)
1. Install WinPcap, so that the network interface cards can talk to the Dynamips processes
2. Install Dynagen, which includes the Dynamips hypervisor
3. Start the Dynamips server
4. Run the *.net lab configuration file

Linux (click here for Video Tutorial)
1. Download Dynagen using wget and extract it with tar zxvf into the /opt/dynamips directory
2. Change directory to dynagen and check README.txt to see which version of Dynamips is required, then go to the Dynamips blog to download that version.
3. Download the required version of Dynamips using wget, also into the /opt/dynamips directory
4. Use 'chmod 755' to make the Dynamips binary executable
5. Change to the /usr/bin directory to create symbolic links for the dynamips and dynagen programs
6. Create a symbolic link to the Dynamips program and give it a name, e.g. dynamips. This lets you type dynamips from anywhere to run the program. For example:
ln -s /opt/dynamips/dynamips-0.2.7-RC2-x86.bin dynamips
7. Create a symbolic link to the Dynagen program and give it a name, e.g. dynagen. This lets you type dynagen from anywhere to run the program. For example:
ln -s /opt/dynamips/dynagen-0.9.1/dynagen dynagen
8. Create a directory for IOS images and move the IOS image into it:
mkdir /opt/dynamips/images
Configure the *.net Dynagen lab file, which defines the individual router instances we run, what interfaces they have, and which IOS image they boot.
In sample_labs there are templates that can be changed. For example, to try the simple1 lab in the simple1 directory, the configuration file is simple1.net. Change the image file name (c7200-adventerprisek9-mz.124-4.T1.bin) below to your IOS image file name.

Windows:
# Simple lab

[localhost]

[[7200]]
image = \Program Files\Dynamips\images\c7200-adventerprisek9-mz.124-4.T1.bin
# On Linux / Unix use forward slashes:
# image = /opt/7200-images/c7200-adventerprisek9-mz.124-4.T1.bin
npe = npe-400
ram = 160

[[ROUTER R1]]
s1/0 = R2 s1/0

[[router R2]]
# No need to specify an adapter here, it is taken care of
# by the interface specification under Router R1


Linux:
# Simple lab

[localhost]

[[7200]]
# image = \Program Files\Dynamips\images\c7200-adventerprisek9-mz.124-4.T1.bin
# On Linux / Unix use forward slashes:
image = /opt/7200-images/c7200-adventerprisek9-mz.124-4.T1.bin
npe = npe-400
ram = 256

[[ROUTER R1]]
s1/0 = R2 s1/0

[[router R2]]
# No need to specify an adapter here, it is taken care of
# by the interface specification under Router R1
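The .net file is INI-like but with two levels of section: [host] names a hypervisor, [[model]] gives the defaults for a router model, and [[ROUTER name]] declares an instance whose "slot/port = peer slot/port" lines wire it to another router. The following is an added example, not from the original post and not part of Dynagen: a parser for that format and a consistency check that reports a model without an image, a Windows-style image path when the lab will run on Linux, links to routers that are not declared, and links whose far end points somewhere else. The sample it parses is the Linux simple1.net above with the image line joined.

```python
"""Parser and consistency check for a dynagen .net lab file.

Added example, not from the post and not part of dynagen. The .net
format is INI-like: '[host]' names a hypervisor, '[[model]]' sets
defaults for a router model (image, npe, ram) and '[[ROUTER name]]'
declares an instance whose 'slot/port = peer slot/port' lines wire it
to another router. parse_net() turns the file into nested dicts and
check_lab() reports a model without an image, a Windows-style image
path when the lab will run on Linux, links to routers that do not exist
and links whose far end points somewhere else. The sample is the
post's simple1.net for Linux with the image line joined.
"""
import re

SECTION = re.compile(r"^\[\[(.+?)\]\]$")      # [[7200]] or [[ROUTER R1]]
HYPERVISOR = re.compile(r"^\[(.+?)\]$")        # [localhost]
PORT = re.compile(r"^[a-z]+\d+/\d+$", re.I)    # s1/0, f0/0, ...

SAMPLE_NET = """\
# Simple lab
[localhost]
[[7200]]
image = /opt/7200-images/c7200-adventerprisek9-mz.124-4.T1.bin
npe = npe-400
ram = 256

[[ROUTER R1]]
s1/0 = R2 s1/0

[[router R2]]
# No need to specify an adapter here, it is taken care of
# by the interface specification under Router R1
"""


def parse_net(text):
    """{hypervisor: {section: {key: value}}}; section names are lower-cased."""
    lab, hv, section = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)               # test [[...]] before [...]
        if m:
            if hv is None:
                raise ValueError("section before any [hypervisor] header")
            section = " ".join(m.group(1).split()).lower()
            lab[hv][section] = {}
            continue
        m = HYPERVISOR.match(line)
        if m:
            hv, section = m.group(1), None
            lab.setdefault(hv, {})
            continue
        if "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            lab[hv][section][key] = value
    return lab


def check_lab(lab, posix=True):
    """Problems in a parsed lab; posix=True means the lab will run on Linux/Unix."""
    problems = []
    for hv, sections in lab.items():
        routers = {name.split(None, 1)[1]: body
                   for name, body in sections.items() if name.startswith("router ")}
        models = {name: body for name, body in sections.items() if not name.startswith("router ")}
        for model, body in models.items():
            image = body.get("image")
            if not image:
                problems.append(f"[{hv}] [[{model}]] has no image")
            elif posix and "\\" in image:
                problems.append(f"[{hv}] [[{model}]] image path uses backslashes; use forward slashes on Linux")
        for router, body in routers.items():
            for port, target in body.items():
                if not PORT.match(port):
                    continue
                peer, _, peer_port = target.partition(" ")
                peer = peer.lower()
                if peer not in routers:
                    problems.append(f"{router} {port} links to unknown router {peer}")
                    continue
                back = routers[peer].get(peer_port)
                if back is not None and back.lower() != f"{router} {port}":
                    problems.append(f"{router} {port} -> {peer} {peer_port}, but {peer} {peer_port} -> {back}")
    return problems


if __name__ == "__main__":
    lab = parse_net(SAMPLE_NET)
    print(lab)
    print("problems:", check_lab(lab) or "none")
```

Section names are case-folded because the sample itself mixes [[ROUTER R1]] and [[router R2]]; a link only needs to be declared on one side, so a missing reverse entry is not reported, but a reverse entry that points elsewhere is.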



Start the Dynamips server (launch the hypervisor process).
Windows: Double-click the 'Dynamips Server' shortcut, usually on the desktop.
Linux: dynamips -H 7200 &
Note: The '&' character runs the process in the background.

Once the Dynamips server is running, start the configured *.net lab file. In this example I run the simple1.net lab. A new window will pop up.

Windows: Double-click the 'simple1.net' file, usually in C:\Program Files\Dynamips\sample_labs\simple1
Linux: dynagen simple1.net

List the available devices in the lab using the list command.

Windows: Connect to a router using the telnet [device name] command, e.g. telnet R1
Linux: Connect to a router using a telnet client such as PuTTY on port 2000

A new window for the router will come up.


























Windows: You will see error messages like the following:
% Crashinfo may not be recovered at bootflash crashinfo % This file system device reports an error
Linux: You might not see these error messages.

Windows: To fix this error we need to format the bootflash using the command: format bootflash:
After formatting the bootflash finishes, we need to adjust the idle-pc parameter in order to drop the CPU utilization on the PC.

Now close the R1 telnet window and go back to the console with the window title "Dynagen".



To get an idle-pc value use the command:
idlepc get [router name]
e.g. idlepc get R1
Choose the value marked with "*". If there is no "*" mark on the first attempt, just run idlepc get R1 again.

After applying the idlepc value, don't forget to save it using the command:
idlepc save [router name] db

You will notice the drop in CPU utilization once the idle-pc value has changed.

OK! Now we have a virtual wide area network with Cisco routers!

Cisco Certified Voice Professional (CCVP)

I see there are a lot of materials in my office now for learning about Voice-over-IP solutions. In addition, my first task now is to help a team that develops Advanced Technology Demo Units for Voice and Unified Communications plus the Cisco IP Interoperability and Collaboration System (IPICS). Besides, one of my team members just finished her Bachelor's thesis on IP Telephony and Cisco Unified Communications Manager (CallManager); maybe she can explain or teach me something about IP Telephony.

Then, my friend told me that maybe I should take CCVP rather than CCNP since the condition and environment of my office can support me in pursuing CCVP.

The CCVP (Cisco Certified Voice Professional) validates a network professional's ability to implement and operate Cisco Unified Communications solutions in single site and multi-site deployments. Individuals who hold a CCVP certification can help create an IP telephony solution that is transparent, scalable, and manageable. The CCVP curriculum focuses on Cisco Unified CallManager, voice gateways and gatekeepers, switches, Unified IP Phones, and skills to secure the voice communications and ensure voice quality of service. Candidates must pass five secure, proctored certification-quality exams to become a Cisco Certified Voice Professional (CCVP). The prerequisite for the Cisco Certified Voice Professional (CCVP) is CCNA. As voice technologies continue to grow in importance Cisco helps you keep pace with a rapidly changing world.

The CCVP provides network professionals with the knowledge, skills, and credentials necessary to design and implement end-to-end Cisco IP Telephony solutions. The certification content focuses on Cisco CallManager, QoS, gateways, gatekeepers, IP phones, voice applications and utilities on Cisco routers and Catalyst switches.

Required exam / Recommended training:
  • 642-642 QoS: Quality of Service (QoS)
  • 642-432 CVOICE: Cisco Voice over IP (CVOICE) and Cisco Voice over IP Fundamentals (CVF)
  • 642-426 TUC: Troubleshooting Cisco Unified Communications Systems (TUC)
  • 642-444 CIPT 4.1 or 642-445 CIPT 5.0: Cisco IP Telephony Part 1 (CIPT1 4.1) and Cisco IP Telephony Part 2 (CIPT2 4.1), or Cisco IP Telephony Part 1 (CIPT1 5.0) and Cisco IP Telephony Part 2 (CIPT2 5.0)
  • 642-453 GWGK: Implementing Cisco Voice Gateways and Gatekeepers (GWGK)

So the steps that I should take are Cisco Voice Fundamentals, a 6-hour e-learning course to establish a strong foundation in VoIP and PSTN fundamentals, then CVOICE, followed by CIPT1, GWGK, or QoS in any order. CIPT2 should be completed only after completing CIPT1.

The final course in the series, IP Telephony Troubleshooting is best taken after having completed the other CCVP courses in the curriculum. Those will help me better understand how to install, configure and deploy the various voice products and technologies tested in the CCVP exams.

From the information that I got, there will be 5 exams to pass:
  • CVOICE is the foundation for it all (the most useful exam)
  • QoS is not much based on anything; but you need to have some background so it is better after CVOICE (the most interesting one)
  • GWGK is CVOICE2 (the hardest to master)
  • TUC has some parts built on CIPT knowledge (the easiest to do)
  • CIPT is a lot better after GWGK (the most boring)
I will think about CCVP and CCNP, which one should I choose for now...

Saturday, February 2, 2008

Cisco 1841 Router

Yesterday, two Cisco 1841 routers arrived at my office. At first, I didn't see any differences from the other Cisco routers.
It has 2 integrated 10/100 Fast Ethernet ports and 2 WAN interface card slots.
Then I looked back at the box. Hey! There are additional interface cards plus antennas, and those things are for the WAN slots.

They are Cisco 3G Wireless WAN High-Speed WAN Interface Card and Cisco HWIC-AP WLAN Module.

3G over wireless provides broadband connectivity over cellular networks. The 3G Wireless WAN HWIC is the first enterprise-class 3G WAN solution. The 3G Wireless WAN HWICs support the following 3G and 2.5G technologies:
  • HWIC-3G-CDMA supports 1xEV-DO Rev A, 1xEV-DO Rev 0, and 1xRTT, up to 3.2 Mbps
  • HWIC-3G-GSM supports HSDPA, UMTS, EDGE, and GPRS, up to 3.6 Mbps
Then I grabbed a console cable, connected it to my laptop, and here are the outputs:

Router#sh flash
-#- --length-- -----date/time------ path
1 33688548 Feb 1 2008 16:15:20 +00:00 c1841-advipservicesk9-mz.124-15.T3.bin

30162944 bytes available (33689600 bytes used)

Router#sh int sta
Interface FastEthernet0/0 is disabled

Interface FastEthernet0/1 is disabled

Cellular0/0/0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0          0          0
             Route cache          0          0          0          0
                   Total          0          0          0          0
Interface Dot11Radio0/1/0 is disabled

Router#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T3,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 24-Jan-08 13:53 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

Router uptime is 1 minute
System returned to ROM by power-on
System image file is "flash:c1841-advipservicesk9-mz.124-15.T3.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 4.1) with 234496K/27648K bytes of memory.
Processor board ID FHK090521G0
2 FastEthernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
1 802.11 Radio
1 Cellular interface
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62592K bytes of ATA CompactFlash (Read/Write)


OK, I can try an NTS connection using this router to connect to the Internet, since NTS already supports 3G. But I don't know whether Lippotel/NTS already covers my area; besides, my Pearl is out of battery and I didn't bring my charger. Hmmm, maybe I'll try it on Monday. :D

Thursday, January 31, 2008

Cisco Nexus 7000 Series Switch Family

SAN JOSE, Calif., Jan. 28, 2008 - Cisco® announced today an innovative family of data center-class switching platforms, the Cisco Nexus Series, to meet customer demands for next-generation mission-critical data centers. As the data center transitions to a more services-centric model, the network plays a pivotal role in orchestrating virtual IT resources and scaling workloads. The Cisco Nexus 7000 Series was designed with this environment in mind, delivering the infrastructure chapter of Cisco's Data Center 3.0 vision.

Today's announcement features a new data center platform with both hardware and software innovations, including:

  • The Cisco Nexus 7000 Series, the flagship data center-class switching platform combining Ethernet, IP, and storage capabilities across one unified network fabric
  • The Cisco Trusted Security (TrustSec) architecture
  • An advanced operating system, the Cisco Nexus Operating System (Cisco NX-OS), and the Cisco Data Center Network Manager

Introducing the Nexus 7000 Series: Purpose Built for Data Centers

The Cisco Nexus 7000 Series is the flagship member of the Cisco Nexus Family, the first in a new data center class of switching products. The Nexus 7000 is a highly scalable modular platform that delivers up to 15 terabits per second of switching capacity in a single chassis, supporting up to 512 10-gigabits-per-second (Gbps) Ethernet and future delivery of 40- and 100-Gbps Ethernet. Its unified fabric architecture combines Ethernet and storage capabilities into a single platform, designed to provide all servers with access to all network and storage resources. This enables data center consolidation and virtualization. Key components of the unified fabric architecture include unified I/O interfaces and Fibre Channel over Ethernet support to be delivered in the future.

The Nexus 7000 is designed specifically for the data center with improved airflow, integrated cable management, and a resilient platform architecture. The data plane is fully distributed and, when coupled with the Cisco NX-OS operating system, is designed to enable zero service-disruption upgrades on production systems. This provides a seamless systems design that reduces administrative tasks and simplifies complex systems operations.


Cisco Telco Summit 2008

For years Cisco has been a network solutions company. Now Cisco is starting to enter the telecommunications market by introducing Next-Generation Network solutions.

To introduce these telecommunications solutions, Cisco is holding the Cisco Telco Summit 2008 at the Shangri-La Hotel Jakarta on 5 February 2008. This summit is meant to exhibit various Cisco innovations and solutions that will lead telecommunications companies toward the future, where telecommunication will be more personal, fast, and flexible.

Monday, January 28, 2008

Archos for Networkers

Last year I read Mr. Himawan's post about Zen for CCIE, and I think it's very interesting to have the Internetwork Expert Advanced Technology class-on-demand in a portable media player like that.
But I'm still far from pursuing CCIE. I'm now on the Routing & Switching track, and there are a lot of things I should learn before I start to pursue CCIE. Therefore I took CCNA, JNCIA-ER and JNCIS-ER, and now I'm pursuing CCNP.


I see that CCNP has 4 exams to pass, and I think I should spend more time learning the material, starting from BSCI. Several months ago, I downloaded all the materials for CCNP, including ciscopress.com books, CCNP Video Mentor, CBT Nuggets, Trainsignal, etc. Thanks to Mr. Taufan for downloading all the materials for me, since I don't have extra bandwidth to download those things. For BSCI I actually have the BSCI Self-Study Guide book to read, which I bought from Mr. Ricky, but that book is very thick and I don't have space to put it in my Dark Army Nike C.O.R.E. Audio Backpack.

So, I went to Mr. Himawan's blog again to read the review of the Zen. I searched Gadtorade's mailing list, in case someone was selling one. I found one, but I couldn't afford the price. But someone posted about the Archos Portable Media Player, and I wondered how that compares to the Creative Zen.

I wanted to buy the Creative Zen W since it has a wide screen and big capacity. But I don't have enough money to afford that. Then I bought the Archos 405 from a webstore, Indonesian Amazon. They gave me a special price for it, and they could deliver it to my place directly at a good price.

Compared to the Archos, the Zen is wider.
But the Archos has a built-in PDF viewer, WOW!
I can put my ebooks on it. The good thing about the PDF viewer is that the hyperlinks inside the PDF work!
So I just go to the table of contents and choose which one I would like to read, one click away.
But it would be better if the PDF viewer had a PDA-like reflow feature and could view in portrait or landscape mode.

Okay, the next thing to put on it is the CCNP Video Mentor. It looks great! :D

I like to watch DVD movies or series such as Prison Break too, but I don't have time to watch them. If I have spare time, I'd rather play with dynamips, read ebooks, or watch video tutorials. But sometimes I want to watch the DVDs on a bus, on a car trip, or somewhere else. It's impossible to watch DVDs from my laptop since it uses an external DVD-ROM and has a small hard disk. Thanks to Simpledivx, which comes with the Archos CD, I can now put DVD movies on my Archos.

The Archos 605 and Archos 705, which have up to 160GB of internal memory, are better than mine, since mine only has 2GB of internal memory, but I can't afford to buy them since they're over my budget. So, the next thing for me is to buy a big SD card to store other videos, like the Internetwork Expert Class-On-Demand videos, later. I hope I can spare the money to buy it later.

Sunday, January 20, 2008

Configuring Cisco Catalyst Switch

Here I will explain how to configure a Cisco Catalyst switch:
  • Preparation to Configure a Switch
  • Basic Switch Configuration:
    • Management Interface Considerations
    • Configure Management Interface
    • Configure Default Gateway
    • Verify Configuration
    • Configure Duplex and Speed
    • Configure a Web Interface
Prepare to Configure the Switch
The initial startup of a Catalyst switch requires the completion of the following steps:
Step 1. Before starting the switch, verify the following:
All network cable connections are secure.
Your PC or terminal is connected to the console port. Your terminal emulator application, such as HyperTerminal, is running and configured properly. The figure shows a PC connected to a switch using the console port.
The figure below shows the correct configuration of HyperTerminal, which can be used to view the console of a Cisco device: 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control. Here I'm using a USB-to-RS232 converter; its driver creates a new serial port, COM 15. If your PC or laptop already has a serial port, it should be COM 1.

Step 2. Attach the power cable plug to the switch power supply socket. The switch will start. Some Catalyst switches, including the Cisco Catalyst 2960 series, do not have power buttons.
Step 3. Observe the boot sequence as follows:
When the switch is on, the POST begins. During POST, the LEDs blink while a series of tests determine that the switch is functioning properly. When the POST has completed, the SYST LED rapidly blinks green. If the switch fails POST, the SYST LED turns amber. When a switch fails POST, it must be repaired.
Observe the Cisco IOS software output text on the console.

The Boot Process on console should be like this:

Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanh
Image text-base: 0x00003000, data-base: 0x00AA2F34

flashfs[1]: 602 files, 19 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32514048
flashfs[1]: Bytes used: 7715328
flashfs[1]: Bytes available: 24798720
flashfs[1]: flashfs fsck took 1 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.

POST: CPU MIC register Tests : Begin
POST: CPU MIC register Tests : End, Status Passed

POST: PortASIC Memory Tests : Begin
POST: PortASIC Memory Tests : End, Status Passed

POST: CPU MIC PortASIC interface Loopback Tests : Begin
POST: CPU MIC PortASIC interface Loopback Tests : End, Status Passed

POST: PortASIC RingLoopback Tests : Begin
POST: PortASIC RingLoopback Tests : End, Status Passed

POST: PortASIC CAM Subsystem Tests : Begin

During the initial startup of the switch, if POST failures are detected, they are reported to the console and the switch does not start. If POST completes successfully, and the switch has not been configured before, you are prompted to configure the switch.


Management Interface Considerations
An access layer switch is much like a PC in that you need to configure an IP address, a subnet mask, and a default gateway. To manage a switch remotely using TCP/IP, you need to assign the switch an IP address. In the figure, you want to manage S1 from PC1, a computer used for managing the network. To do this, you need to assign switch S1 an IP address. This IP address is assigned to a virtual interface, the switch virtual interface (SVI) associated with a VLAN, and then it is necessary to ensure the VLAN is assigned to a specific port or ports on the switch.

The default configuration on the switch is to have the management of the switch controlled through VLAN 1. However, a best practice for basic switch configuration is to move management to a VLAN other than VLAN 1: every port belongs to VLAN 1 until it is reassigned, and VLAN 1 also carries control-plane protocols such as CDP, VTP and STP, so leaving the management address there exposes it to any host plugged into an unconfigured port. The figure illustrates the use of VLAN 99 as the management VLAN; however, any VLAN other than VLAN 1 can be chosen for the management interface.


Configure Management Interface
To configure an IP address and subnet mask on the management VLAN of the switch, you must be in VLAN interface configuration mode. Use the command interface vlan 99 and enter the ip address configuration command. You must use the no shutdown interface configuration command to make this Layer 3 interface operational. When you see "interface VLAN x", that refers to the Layer 3 interface associated with VLAN x. Only the management VLAN has an interface VLAN associated with it.

Note that a Layer 2 switch, such as the Cisco Catalyst 2960, only permits a single VLAN interface to be active at a time. This means that the Layer 3 interface, interface VLAN 99, is active, but the Layer 3 interface, interface VLAN 1, is not active.

Here is the Cisco IOS CLI Command Syntax:
S1#configure terminal
S1(config)#interface vlan 99
S1(config-if)#ip address 172.17.99.11 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#end
S1#configure terminal
S1(config)#interface fastethernet 0/18
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 99
S1(config-if)#end
S1#copy running-config startup-config


Configure Default Gateway

You need to configure the switch so that it can forward IP packets to distant networks. The default gateway is the mechanism for doing this. The switch forwards IP packets with destination IP addresses outside the local network to the default gateway. In the figure, router R1 is the next-hop router. Its IP address is 172.17.99.1.

To configure a default gateway for the switch, use the ip default-gateway command. Enter the IP address of the next-hop router interface that is directly connected to the switch where the default gateway is being configured. A Layer 2 switch does not run ip routing, so this single entry takes the place of a routing table for the switch's own management traffic. Make sure you save the running configuration on the switch or router: use the copy running-config startup-config command to back up your configuration.


Verify Configuration
Here is an abbreviated screen output showing that VLAN 99 has been configured with an IP address and subnet mask, and that Fast Ethernet port F0/18 has been assigned to management VLAN 99:
S1#show running-config
...
!
interface FastEthernet0/18
 switchport access vlan 99
 switchport mode access
...
!
interface Vlan99
 ip address 172.17.99.11 255.255.255.0
 no ip route-cache
!
Show the IP Interfaces
Use the show ip interface brief command to verify port operation and status.
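Putting the management interface, default gateway and verification steps together, here is a complete example. It is added here and is not from the original tutorial. It also creates VLAN 99 in the VLAN database, a step the tutorial's command lists skip: on a Catalyst 2960 the Vlan99 SVI only reports up/up once the VLAN exists and at least one port assigned to it is up. The addresses follow the figure (S1 172.17.99.11/24, router R1 at 172.17.99.1, management PC on F0/18); the VLAN name and the reachability ping are assumptions.

```cisco
! Added example (not from the original tutorial): complete management-plane
! setup for Catalyst 2960 switch S1. Addresses follow the tutorial's figure;
! the VLAN name "Management" and the ping target are assumptions.
S1# configure terminal
! Create VLAN 99 first. The Vlan99 SVI only goes up/up once the VLAN exists
! in the VLAN database and at least one port assigned to it is up.
S1(config)# vlan 99
S1(config-vlan)# name Management
S1(config-vlan)# exit
! Move the management PC's port into VLAN 99 so the SVI has an active member.
S1(config)# interface FastEthernet0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
S1(config-if)# exit
! Management address; the /24 mask matches the gateway's subnet.
S1(config)# interface Vlan99
S1(config-if)# ip address 172.17.99.11 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# exit
! A Layer 2 switch has ip routing disabled, so off-subnet management traffic
! (SSH, SNMP, syslog) is sent to ip default-gateway, not to a routing table.
S1(config)# ip default-gateway 172.17.99.1
! Shut the default Vlan1 SVI so the switch cannot be reached on VLAN 1,
! the VLAN every port belongs to until it is reassigned.
S1(config)# interface Vlan1
S1(config-if)# shutdown
S1(config-if)# end
S1# copy running-config startup-config
!
! Verification: VLAN 99 exists and lists Fa0/18, Vlan99 is "up up",
! the gateway is installed ("Default gateway is 172.17.99.1"), and R1 answers.
S1# show vlan brief | include 99
S1# show ip interface brief | include Vlan
S1# show ip route
S1# ping 172.17.99.1
```

Once Vlan99 is up, any host that can reach 172.17.99.0/24 can reach the switch's management plane, so the address is only as protected as the VLAN: keep user ports out of VLAN 99, and restrict the vty lines with an access-class and use SSH rather than Telnet before relying on this address remotely.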

The mdix auto Command

You used to be required to use certain cable types (cross-over, straight-through) when connecting between specific devices, switch-to-switch or switch-to-router. Instead, you can now use the mdix auto interface configuration command in the CLI to enable the automatic medium-dependent interface crossover (auto-MDIX) feature.

When the auto-MDIX feature is enabled, the switch detects the required cable type for copper Ethernet connections and configures the interfaces accordingly. Therefore, you can use either a crossover or a straight-through cable for connections to a copper 10/100/1000 port on the switch, regardless of the type of device on the other end of the connection.

The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later. For releases between Cisco IOS Release 12.1(14)EA1 and 12.2(18)SE, the auto-MDIX feature is disabled by default.


Configure Duplex and Speed
You can use the duplex interface configuration command to specify the duplex mode of operation for switch ports. You can manually set the duplex mode and speed of switch ports to avoid inter-vendor issues with autonegotiation. Although there can be issues when you configure switch port duplex settings to auto, in this example, S1 and S2 switches have the same duplex settings and speeds. The figure describes the steps to configure the port F0/1 on the S1 switch.

Here is the Cisco IOS CLI Command Syntax:
S1#configure terminal
S1(config)#interface fastethernet 0/1
S1(config-if)#duplex auto
S1(config-if)#speed auto
S1(config-if)#end
S1#copy running-config startup-config

Configure a Web Interface
Modern Cisco switches have a number of web-based configuration tools that require that the switch is configured as an HTTP server. These applications include the Cisco web browser user interface, Cisco Router and Security Device Manager (SDM), and IP Phone and Cisco IOS Telephony Service applications.

To control who can access the HTTP services on the switch, you can optionally configure authentication. Authentication methods can be complex. You may have so many people using the HTTP services that you need a separate server specifically to handle user authentication. AAA is the framework Cisco IOS uses for that: it validates credentials against a remote server over a protocol such as TACACS+ or RADIUS. You may only need a less complex method. The enable method requires users to supply the switch's enable password, which means every web user shares a single credential and nothing ties a change to a person. The local method requires a username, password, and privilege level defined in the local system configuration (by the username global configuration command), so each user has their own credential. Note that ip http server serves cleartext HTTP, so whichever method you choose, the credential crosses the network unencrypted unless you enable ip http secure-server (HTTPS) instead.

Here is the Cisco IOS CLI Command Syntax:
S1#configure terminal
S1(config)#ip http authentication enable
S1(config)#ip http server
S1(config)#end
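The tutorial's two-line example turns on cleartext HTTP guarded by the shared enable password. Here is the form a practitioner would deploy instead, added as an example and not part of the original tutorial: plain HTTP off, HTTPS on, per-user local authentication, and a source ACL so only the management subnet can reach the web interface. The username, passwords, ACL number 10 and the 172.17.99.0/24 management subnet are assumptions, and ip http secure-server requires a crypto (k9) IOS image.

```cisco
! Added example (not from the original tutorial): hardened web interface.
! The username, passwords, ACL 10 and the 172.17.99.0/24 subnet are
! assumptions; ip http secure-server needs a k9 (crypto) image.
S1# configure terminal
! Hashed enable secret instead of a cleartext enable password.
S1(config)# enable secret Sw1tch-En@ble
! Named account with its own credential; privilege 15 is what the web
! tools need in order to write configuration.
S1(config)# username webadmin privilege 15 secret W3b-Adm1n!
! Only the management subnet may open the web interface; log the rest.
S1(config)# access-list 10 remark HTTP/HTTPS management access
S1(config)# access-list 10 permit 172.17.99.0 0.0.0.255
S1(config)# access-list 10 deny any log
! Turn off plain HTTP, turn on HTTPS (a self-signed certificate is generated
! when no trustpoint is configured), authenticate against the local user
! database, and apply the ACL to the server.
S1(config)# no ip http server
S1(config)# ip http secure-server
S1(config)# ip http authentication local
S1(config)# ip http access-class 10
S1(config)# end
S1# copy running-config startup-config
!
! Verification: HTTP server "Disabled", secure server "Enabled",
! authentication method "local", access class 10.
S1# show ip http server status
S1# show ip http server secure status
```

If nobody uses the web tools, the strongest setting is simply no ip http server together with no ip http secure-server. Of the three authentication methods the text lists, enable is the weakest: every web user presents the same shared enable password, which on plain HTTP also travels in the clear.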