April 29, 2008

Looking for Network Diagram Ideas?

If you're like me, you love looking at different network diagrams to see how people create them (clean, efficient, 3d-icons, whatever). Check out www.ratemynetworkdiagram.com for a plethora of network diagram examples.

Posted by JC at 2:17 PM | Comments (6) | TrackBack

April 28, 2008

CiscoBlog Forums...They're here...I'm frightened...

Okay...I promised these at the end of last year, and I actually delivered on my promise. They were created, I just never told anyone. I've been talking with a couple friends about this and they always say something like, "dude...you SO don't know what you're getting into with forums..." They're right...I don't! But, nonetheless, the time has come to try it out.

http://forum.ciscoblog.com

I'm really taking an "if you build it, they will come" approach to this. I'll be trying it out based on this post for a little while, then I will add an official link to the forums from the main page. Please comment on here if you have any suggestions!

Posted by JC at 4:18 PM | Comments (3) | TrackBack

February 22, 2008

CiscoBlog...Useful?

Wow - I feel honored! Network World magazine has listed CiscoBlog as one of the top 20 websites for Cisco techs. Check out the list from the link below - there's plenty of other useful stuff out there:

http://www.networkworld.com/community/node/25115

***Warning: following the links contained in this post may have you up past midnight on a Friday night playing with free Cisco management platforms that seem entirely too cool but just end up wasting time.***

Posted by JC at 2:23 PM | Comments (9) | TrackBack

February 20, 2008

Cool Utility of the Week: ZipTie

Many of you know about Kiwi Software. They are one of my favorite vendors, and they make very reasonably priced utilities to manage many aspects of your Cisco network. For years, I've been using their Kiwi CatTools product for configuration management & bulk changes...

...but now the open source community is creeping in: Welcome ZipTie! ZipTie is a project that essentially competes with Kiwi CatTools in a Freeware/Open Source version. Now, I've already purchased Kiwi CatTools and love it...so what makes me excited about ZipTie? The Future!!! If you take a look at the roadmap, they've got more and more features planned to integrate

Not to mention that Open Source projects typically move faster than corporate environments since just about anyone can write plug-ins for the system. As a matter of fact, ZipTie already has a "partner site" (www.zipforge.org) dedicated to add-ons and plug-ins for different features and equipment. ZipTie currently has a quarterly release schedule, so I'm very excited to see how things progress this year.

Product Site: www.ziptie.org

Posted by JC at 10:00 AM | Comments (2) | TrackBack

February 8, 2008

Goodbye SecureCRT - Hello Putty!!!

First off, let me say thank you to all who responded to the previous post on my qualms spending $99 for SecureCRT. An extra thank you to whoever suggested Putty CM!

This utility is so cool, I thought I'd create an extra post about it for those who missed the last thread. Now, without a doubt, SecureCRT takes the cake for the number of features, smoothness, and so on...but if you're just looking for these basic features, you gotta check this program out:

- Saved connections / passwords
- Tabbed windows / session management
- Scripted logins

Here's a screencap of what I've got so far:

PuttyCM.jpg

**Note...the black squares are mine to protect the innocent :o)

Now here's the scoop: The Putty Connection Manager essentially puts a "shell" around the actual Putty program.

The shell is what adds all the SecureCRT-like functionality to the Putty program itself. I'm not saying this program is perfect...there's already a couple glitches that bug me, but for the most part...it does everything I need it to do for...(drum roll please) FREEEEEEE!!

So here's the links to get you started:

Putty Connection Manager

Putty itself

Posted by JC at 8:17 AM | Comments (18) | TrackBack

January 28, 2008

Recovering Type 7 Passwords Without Web-Tools

I'm stealing this guy from a reader tip on the January edition of the Cisco Tech Newsletter. Apparently, the "keychain" configuration of a Cisco router supports a decrypt command that allows you to recover (break) the Type 7 encrypted passwords:

Router(config)#key chain LIGHT
Router(config-keychain)#key 718
Router(config-keychain-key)#key-string 7 11192616193C233850012E3D2B2725711D
Router(config-keychain-key)#do show key chain LIGHT
Key-chain decrypt:
    key 1 -- text "decrypted_password"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]


It probably takes more time to do something like this than just paste the encrypted password into this Java applet...but you'd feel much cooler doing it this way :).
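Because Type 7 is reversible obfuscation rather than hashing, any saved configuration that contains it exposes the password. The following is an added example, not code from the original post: a small audit script that finds Type 7 strings in a configuration backup and confirms they can be recovered offline. The sample configuration is constructed, and the function names (decode_type7, audit_config) are this example's own.

```python
import re

# Fixed XOR table used by IOS type 7 obfuscation (publicly documented).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Any "password 7 ...", "key-string 7 ..." or "key 7 ..." setting.
TYPE7_RE = re.compile(r"\b(password|key-string|key) 7 (\S+)")

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname LAB-R1
enable secret 5 <constructed-placeholder-hash>
username admin password 7 0822455D0A16
key chain LIGHT
 key 1
  key-string 7 0822455D0A16
line vty 0 4
 password 7 ZZ-not-hex
"""


def decode_type7(blob):
    """Return the cleartext of a type 7 string, or None if it is malformed."""
    # Format: two decimal digits (offset into XLAT) followed by hex bytes.
    if len(blob) < 4 or len(blob) % 2 or not blob[:2].isdigit():
        return None
    seed = int(blob[:2])
    try:
        data = bytes.fromhex(blob[2:])
    except ValueError:
        return None
    clear = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))
    return clear.decode("ascii", errors="replace")


def audit_config(text):
    """List every type 7 setting in a config and whether it is recoverable."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = TYPE7_RE.search(line)
        if not match:
            continue  # type 5 hashes and unrelated lines are ignored
        clear = decode_type7(match.group(2))
        findings.append({
            "line": lineno,
            "keyword": match.group(1),
            "reversible": clear is not None,
            "cleartext": clear,
        })
    return findings


if __name__ == "__main__":
    # Report locations only; the recovered text stays out of the output.
    for f in audit_config(SAMPLE_CONFIG):
        status = "REVERSIBLE" if f["reversible"] else "malformed"
        print(f"line {f['line']}: {f['keyword']} 7 -> {status}")
```

Every line reported as REVERSIBLE should be treated as a cleartext credential wherever that configuration file is stored or sent.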

Posted by JC at 12:58 PM | Comments (2) | TrackBack

December 6, 2007

IOS Emulation Just Got Better

Quite some time ago, I wrote an article on the Dynagen/Dynamips system that has been developed to emulate (not simulate) IOS routers using a PC. Back when I originally wrote this update, you could only emulate a 7200 router and it took quite a bit of tweaking & tuning text files to make it happen. Things have definitely changed.

Kudos to InternetworkExpert for putting together a pre-built Dynagen/Dynamips lab that emulates 9 different 3640 routers connected together in an impressive topology. Sure, they've created this environment to map to their lab scenarios which is what their business is built on; however, they've been kind enough to allow anyone to download this pre-built IOS emulation package for free.

Update: Thanks MB for also adding GNS3 (http://www.gns3.net) to the Dynamips lineup. This is the best package for IOS emulation yet!

Yes, it may still take some reading of documents to figure out how to connect & set up, but most of the legwork has been done for you. With a little time, you can build a fairly massive Cisco lab environment without spending a penny on lab gear. Here's the link for the download and documentation:

http://www.internetworkexpert.com/resources/iosonpc.htm

Have fun!

Posted by JC at 8:03 AM | Comments (4) | TrackBack

November 8, 2007

Cisco Blog Forum

No...it's not here yet. BUT, I've gotten enough requests for a general forum that I've decided to give it a go. I've downloaded and installed a forum engine which has a daunting number of options. Over the next week or two, I'll be configuring the forum options and creating the boards. Are there any specific categories y'all would like to see?

Please keep in mind, this forum will be about community and not just me answering everyone's questions! I'm sure I'll jump in here or there on a particularly exciting topic, but I know this is one of those systems that could suck me in causing me to abandon life as a whole...which I've tried to stop as of late. Please tag any suggestions / comments on to this post - thanks!

Posted by JC at 3:36 PM | Comments (5) | TrackBack

October 2, 2007

Network Security and Netflow

A couple things I'd like to mention in this post...First off, I just finished looking through End-to-End Network Security from Cisco Press...Very nice. If you've ever wanted to get into network security, this is a great starting point. It talks about major areas of network security to address and the tools you can use to do it.

So that brings me to my second thought...Someone talk to me about Netflow. Netflow is one of the tools this book mentions that you can use to analyze your network traffic. In its basic form, Netflow tracks all the "flows" (aka traffic) going through your router. You can categorize it per-application and even get down to a per-user level (so you can finally figure out who is killing the Internet connection with their peer-to-peer traffic). Every time I want to get into the Netflow world, I seem to get lost in a land of build-your-own Linux applications or extremely expensive Windows applications. Is there someone out there who knows of a good, free/cheap, easy to use Windows application that can take the Netflow data and put it into a web page format (much like MRTG/PRTG)? This seems like too cool of a tool to pass up.

As a side-note, it looks like Aaron has gone into the development shop on Netflow...MAN I wish I could do that. Cursed linux people :).

Posted by JC at 4:24 PM | Comments (13) | TrackBack

September 13, 2007

Warriors of the Net

I just came across this video; it's an extremely well done, simplistic explanation of how network communication happens. It'd be great to use for the new network administrators (or family relatives) you come in contact with. The original website it came from is called Warriors of the Net (http://www.warriorsofthe.net/). I've also placed the movie here for your convenience.

Click here to download.

Posted by JC at 8:46 AM | Comments (1) | TrackBack

May 17, 2007

Pasting a Configuration Into Cisco Devices...Error Free!

If you've been working with Cisco devices for a while, you know that the fastest way to back up your configuration is:

1. Do a "show run" command
2. Copy all the output to your clipboard
3. Paste it into notepad

Then, if you need to restore the configuration you just move into global configuration mode and paste all the output back in. Voila! Insta-configured Cisco device. Here's the problem...when you paste in larger configuration files, it fails. Somewhere after about 50-80 lines of config, the input begins to get scrambled and jumbled all around. The reason is the Cisco device cannot keep up with the data that you are entering. So...how do you fix this? Slow down the input! Here's how:

All terminal programs have a setting called “Transmit delay msec/line” for the serial port. Here’s a view of what it looks like in Tera Term:

paste.JPG

By default, this is some absurdly low value somewhere between 0-10 msec, which means your terminal program will just keep flooding the data and not give the receiving device enough pause to apply it. Adjust this value to something between 35-50 msec and your Cisco device will have no problem keeping up with the data.

Posted by JC at 11:28 AM | Comments (6) | TrackBack

April 21, 2007

Restoring the Vista Telnet Client

Why would Microsoft remove the good ol' command-line telnet client from the default Windows OS X...err, I mean Vista installation?!? Well, they did...but here's how to get it back:


1. From the Start menu, click Control Panel
2. Select Programs and Features
3. From the menu on the left, select Turn Windows Features On or Off
4. Scroll down, and then check the "Telnet client" box
5. Click OK

Posted by JC at 8:09 PM | Comments (2) | TrackBack

April 3, 2007

The Coolest Cisco Links of All

Okay, here's my thought. I've got some links that I have found very handy in the Cisco world over the years...links that I typically forget about, but then someone shows me the same link months later and I get all excited about them again. Rather than continuing the cycle, I was hoping to enlist your help to create a post that has all sorts of great links. Eventually, we can compile a list and put them in some permanent place on the website. These links include cool resources, utilities (cheap or free), and "tips". Please don't include blogs in this list (not that they're not valuable...just a different category). So, here's what I've got so far:

1. Top 100 Security Tools (http://sectools.org/)
2. Switch Inspector (sweet, inexpensive switchport mapper - http://www.switchinspector.com/)
3. MRTG (traffic statistics, free - http://oss.oetiker.ch/mrtg/), PRTG (traffic statistics, cheap - http://www.paessler.com/prtg)
4. Level 7 Password Decryption (http://cfz.ir/ot/?what=ciscocracker)
5. Cain and Abel Security Audit util (http://www.oxid.it/cain.html)
6. Kiwi Syslog (free, good syslog server - http://www.kiwisyslog.com/products.php#syslog)
7. Kiwi CatTools (configuration management / change tracking - http://www.kiwisyslog.com/products.php#cattools)
8. TFTP Server (overcomes 32MB limit - http://tftpd32.jounin.net/tftpd32_download.html)
9. IOS Configuration Editor, fairly cheap (http://www.winagents.com/en/products/cisco-config-editor/)
10. IP Chicken - external IP from anywhere...no pop-up ads (www.ipchicken.com)
11. Bandwidth Gauge (Speakeasy has always been my fav. - http://www.speakeasy.net/speedtest/)
12. Tera Term - my favorite Windows telnet/SSH client (http://hp.vector.co.jp/authors/VA002416/teraterm.html)
13. Boson's Free Utils - bunch of handy/goof around utils (http://www.boson.com/FreeUtilities.html)

That's all I could think of off the top of my head. What else do y'all got?

Posted by JC at 11:08 AM | Comments (26) | TrackBack

March 29, 2007

Calling All Web Gurus

I'm looking to redesign the CiscoBlog. If there's one thing I'm NOT, it's a web guy. Is anyone out there a web guru who would be willing to make this web site better? Here's the two things I'm looking to do:

1. Make the Cisco Blog more...professional / jazzy looking (right now, it looks like a product of HTML 101 students...)

2. Add a forum application off the main site that will allow for general discussion topics from anyone

Right now, the CiscoBlog is running off of Movable Type, which I'd like to keep (unless someone convinces me otherwise).

I contacted one company I found on a random Google search. They quoted me $2400.00 to do it...riiiight. So yeah - if it's going to cost that much, I'm thinking HTML 101 isn't all that bad after all. Is web dev. really all that much? Just to make something prettier?

Anyhow, if you or someone you know would be willing to take on the project, I'd love to chat! Oh...on that note. Please be someone who knows what they're doing :). I've talked to people before who have said, "Oh yeah! I'll do it!!!" And then begin to explain how they just learned to bold fonts in HTML...

If you're interested, please email me at Jeremy@CiscoBlog.com - thanks!

Posted by JC at 12:12 PM | Comments (11) | TrackBack

February 12, 2007

A *slightly delayed* Look at Hot 2007 Technologies

I know I always feel lame when I'm hanging around a bunch of fellow Cisco nerds who are talking about some technology I have no clue about. It's one thing to not know the technical details, but it's quite another to not have any idea. So, I thought I'd list four technologies for you (and me) that I think will be hot in 2007:

1. Network Access Control (NAC) - a technology that can allow or deny a client wireless or wired network access based on just about any set of criteria. For example, if a user does not authenticate to Active Directory correctly, you can shut off their switchport or ability to access the wireless network. Another example: if a user does not have the correct virus software / updates installed, they can be moved to an isolated VLAN that only has internet access. This topic is a hotbed of activity right now because everyone seems to be moving forward with their own NAC standards and forming partnerships with software vendors as fast as possible.

2. WiMAX (aka 802.16e) - A new wireless standard in the 2.5GHz band that claims to provide download speeds between 2-4Mbps in a radius of 10-15 miles. Can we say metro-internet? Nice. There's a lot of debating right now as to the claims of vendors vs. actual tests on this standard. We'll see.


3. The Apple iPhone - Okay, you've got to live in a box to not know about this one...but I think this device signals an entire revolution of what a "cell phone" can do. With the steep price, I doubt I'd ever buy one...alright, fine. I'll admit to myself right now that I'll buy one, but this will be the LAST PHONE I'll ever own. (I said that loud enough for my wife to hear). Seriously though, I'm not (drooling insanely) focused on this phone for the phone itself, but for the concept it presents to the industry. It's not going to take long for other vendors to begin using (stealing) the concepts Apple has introduced and running further with them in the Palm, Windows, etc...flavors. It's just going to push this technology further than ever.

4. Data Deduplication - Backup systems have long since needed an upgrade. The ol' tape drive has seen its day. This is a data backup system that installs a small client on all your servers, desktops, and laptops. The client runs an algorithm that backs up everything without duplicating anything. It trims down the amount of data to back up in a huge way.

Posted by JC at 7:22 PM | Comments (2) | TrackBack

January 25, 2007

New Cisco Resource

Someone just shot me an email about these resources (as if there weren't enough blogs already, now you have more to read):

http://blogs.cisco.com/home/ - Cisco's official blog
http://ciscosubnet.com - A resource at Network World dedicated fully to Cisco

Looks like some good reading on both.

Posted by JC at 1:35 PM | Comments (1) | TrackBack

July 23, 2006

I'm Linking Up!

I can't tell you how encouraging the interest in this site has been to me. I started the CiscoBlog primarily as a storage space for my "cool tips" and configs so I can remember them all when I teach Cisco classes. I hadn't actually planned on getting any real traffic, but thanks to the power of the Google bots, here we are. One thing that has really surprised me is the number of folks who have a quasi-similar website with some REALLY good stuff (I love Aaron Paxon's latest post on the AS5350). So, the time has come...

I'd like to add a "Blogroll" of sorts to the website over the next couple weeks: a list of links to other related sites. The problem is, I've lost track of them all. If you have a relevant site you'd like to have linked up from here, tack on a comment to this post including the following:

I'll follow up in a couple weeks and create the list of links for all the relevant sites.

Posted by JC at 9:28 PM | Comments (16) | TrackBack

June 19, 2006

Killer Speed Test

Okay, maybe not directly related to Cisco, but a very cool site to test your speed:

http://www.speakeasy.net/speedtest/

No plug-ins, just works!

Posted by JC at 1:58 PM | Comments (1) | TrackBack

May 17, 2006

Cisco Tips and Tricks Presentation

Just last night, I gave a presentation to the Phoenix Cisco User Group (PCUG) called Cisco Routers and Switches: Tools, Tips and Tricks You Never Knew. It was fantastic! Everyone jumped in with their own tips they found in their experience. Very cool time.

Anyhow, I thought I'd post the presentation I used in PDF format. It may give you a good flow if you'd like to do a presentation for your own, local Cisco user group in your area. Not to mention the cool tips you can grab from this :). If you have anything to add to the list, tack it on to this post! It'd be a great place to start a common thread of these things.

Click here to download the May 16th PCUG presentation in PDF format

Posted by JC at 10:29 PM | Comments (8) | TrackBack

May 16, 2006

Walking in the World of NBAR

Not many people know this, but if your Cisco router is running a recent (within the last 3 years or so) IOS version, it comes with a built-in, application-layer packet sniffing application called Network Based Application Recognition (NBAR). This utility was originally designed for the world of Quality of Service (QoS), but is now used for many different capabilities. Try this:

On your router, access the interface connected to the Internet and type the command ip nbar protocol-discovery. That will enable your packet-sniffing application. Now, exit back out to privileged mode and type the command show ip nbar protocol-discovery stats bit-rate top-n 10. You'll be presented with an output that looks like this:

Yup - it even recognizes common peer-to-peer applications (kazaa, bittorrent, napster, and so on...). This thing rocks, and it gives you a fly-by pulse of your current network traffic. What's more? It's free. What's better? It takes about the same amount of processor utilization as a standard access-list. Some days I wonder, "Why would you buy anything else but Cisco?" *grin*

PS - it may be good for you to make an alias of the show ip nbar command above. I talk about this in one of the early posts here: Three handy alias commands.

PPS - there are many other options for the show ip nbar command. Just use the context sensitive help to see what else you can discover.

Posted by JC at 7:47 AM | Comments (10) | TrackBack

May 12, 2006

Macbook Pro USB to Serial GUC232A

This is a pretty specific post for me - sorry if it does not apply. I've recently purchased an Intel-based 17" MacBook Pro and have an IOGear GUC232A USB to Serial converter I use for my console connections to Cisco routers that I've had a heck of a time getting working. BUT, I've finally conquered and wanted to write the steps I performed to alleviate the time spent if I have to do this again:

1. Download the LATEST driver from Prolific (http://www.prolific.com.tw/eng/downloads.asp?ID=31 - download the file md_pl2303H_HX_X_dmg_v1.2.1.zip)

2. Run through the install, reboot

3. The Prolific is a generic driver that works with the GUC232A, so you have to tweak it: