Network technologies and trends


December 9, 2009  9:19 AM

How to detect a rogue DHCP server in your network?

Yasir Irfan

 

This morning I was late arriving at my office due to some problems; when I came in I saw my colleagues trying hard to track down a rogue DHCP server detected in our helpdesk VLAN. All our users in the help desk and call center were getting IP addresses from the rogue DHCP server and were not able to access our network. I tried to figure out the physical location of the rogue DHCP server, but I failed to find it.

Immediately I thought: let me figure out the MAC address of the rogue DHCP server so that I can block its network access.

I went to one of the affected systems and, from the command prompt, used “arp -a” followed by the IP address of the rogue DHCP server, as shown below:

C:\>arp -a 192.168.142.2

Interface: 192.168.142.96 --- 0xb
  Internet Address      Physical Address      Type
  192.168.142.2         00-16-35-c1-7f-cc     dynamic

Once I had the MAC address, I immediately logged into the Cisco 3560 switch serving that area. From privileged EXEC mode I used the “show mac address-table” command to find the interface the rogue DHCP server was connected to.

RRBM-ITD-3560-AS01#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
 129    0000.0c07.ac3a    DYNAMIC     Gi0/52
 129    0002.e356.9cfa    DYNAMIC     Gi0/52
 129    0002.e356.a78f    DYNAMIC     Gi0/39
 129    000e.7fd8.6cff    DYNAMIC     Gi0/7
 129    000f.fe0a.1ff7    DYNAMIC     Gi0/22
 129    0016.35c1.7fcc    DYNAMIC     Gi0/36    <- the rogue DHCP server (00-16-35-c1-7f-cc)
 129    000f.fe6f.5d5c    DYNAMIC     Gi0/52
 129    000f.fe6f.5e46    DYNAMIC     Gi0/52
 129    000f.fe93.d890    DYNAMIC     Gi0/8
 129    000f.fe93.fcb0    DYNAMIC     Gi0/7
 129    000f.fe93.fcb8    DYNAMIC     Gi0/52
 129    000f.fe96.0920    DYNAMIC     Gi0/38
 129    000f.fe96.5478    DYNAMIC     Gi0/52
RRBM-ITD-3560-AS01#

 

Once I had found the interface the rogue DHCP server was connected to, I disabled that interface on the Cisco 3560 switch.

 

RRBM-ITD-3560-AS01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
RRBM-ITD-3560-AS01(config)#interface gigabitEthernet 0/36
RRBM-ITD-3560-AS01(config-if)#shutdown
RRBM-ITD-3560-AS01(config-if)#description ROGUE DHCP
RRBM-ITD-3560-AS01(config-if)#end
RRBM-ITD-3560-AS01#

To prevent this from happening again, I configured DHCP snooping on the Cisco 3560 switch.

After careful inspection we found that the rogue DHCP server was running in a virtual machine: one of our aspiring professionals was testing Active Directory and DHCP services on a virtual Windows Server 2003.

Whenever you come across this kind of situation, don't panic; just troubleshoot the problem in a systematic way. By following a few simple steps you can eliminate the problem.

 

The key steps

Step 1 – On an affected PC, find the rogue server's IP address (on Windows, “ipconfig /all” lists it under “DHCP Server”), then get its MAC address with “arp -a” followed by that IP address.

Step 2 – Log into your switch and find the interface the rogue DHCP server is connected to with “show mac address-table address <mac>” (Cisco IOS switches). If the port reported carries many MAC addresses it is an uplink or trunk, so repeat the lookup on the switch at the other end until you reach a single-host access port.

Step 3 – Disable the interface connected to the rogue DHCP server with “shutdown” on that port (Cisco IOS switches), and give it a description so the next person knows why it is down.

Step 4 – Take precautions by configuring DHCP snooping in your network, so that DHCP server replies are accepted only on ports you have marked as trusted.
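As an added example that is not part of the original post, here is the DHCP snooping configuration I would put on the 3560 in this scenario. It assumes VLAN 129 is the helpdesk VLAN (the VLAN in the MAC address table above), that Gi0/52 is the uplink toward the legitimate DHCP server (it carries many MAC addresses in that table, which is what an uplink looks like) and that Gi0/1 to Gi0/51 are access ports; the database file name is a placeholder. Adjust all of these to your topology.

```cisco
! Added example, not from the original post: DHCP snooping on the Cisco 3560
! from the story above. Assumptions: VLAN 129 is the helpdesk VLAN, Gi0/52 is
! the uplink toward the real DHCP server, Gi0/1-51 are user-facing access ports.
!
! Turn snooping on globally and for the affected VLAN
ip dhcp snooping
ip dhcp snooping vlan 129
!
! Option 82 insertion is on by default once snooping is enabled; leave it off
! unless your DHCP server and relays are configured to accept it, otherwise
! legitimate leases may start failing.
no ip dhcp snooping information option
!
! Persist the binding table so it survives a reload (DAI / IP Source Guard
! would otherwise start with an empty table after every reboot)
ip dhcp snooping database flash:dhcp-snoop.db
!
! Only the uplink may carry DHCP server messages (OFFER / ACK / NAK)
interface GigabitEthernet0/52
 description Uplink to distribution (path to the legitimate DHCP server)
 ip dhcp snooping trust
!
! Access ports stay untrusted (the default): server messages arriving here
! are dropped and logged. Rate-limit client DHCP traffic so a misbehaving
! host cannot flood the CPU; the port is err-disabled if it exceeds the rate.
interface range GigabitEthernet0/1 - 51
 ip dhcp snooping limit rate 15
!
! Recover automatically from a rate-limit err-disable after 5 minutes
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300
!
! Verification:
!   show ip dhcp snooping            -> VLANs enabled, trusted ports, rate limits
!   show ip dhcp snooping binding    -> client MAC/IP/lease/port learned from real leases
!   show ip dhcp snooping statistics -> counts of server packets dropped on untrusted ports
```

With this in place the virtual machine's DHCPOFFER on Gi0/36 would have been discarded on arrival and the switch would have logged a %DHCP_SNOOPING-5-DHCP_SNOOPING_UNTRUSTED_PORT message, which is worth forwarding to your syslog collector and alerting on, since it tells you where the rogue is before any user notices. The binding table the feature builds is also the prerequisite for Dynamic ARP Inspection and IP Source Guard on the same ports.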

 

December 9, 2009  5:50 AM

Benefits of Configuring local username and password in Cisco Routers and Cisco Switches, Series 2

Yasir Irfan

In my previous post we went over the benefits of having local usernames and passwords on Cisco devices. Now let's see how to configure a local username and password on a Cisco router or a Cisco switch.

Step 1 – Configure the local username and password on a Cisco IOS device

ITKEAS01#configure terminal
ITKEAS01(config)#username itkeadmin secret $p@ssw0rd$

Use “secret” rather than “password” here: “secret” stores a one-way hash of the password, whereas “password” stores it in clear text, or as the reversible type 7 encoding if “service password-encryption” is on.

Step 2 – Enable local authentication on the console port

ITKEAS01(config)#line console 0
ITKEAS01(config-line)#login local

Step 3 – Enable local authentication for telnet sessions

ITKEAS01(config)#line vty 0 4
ITKEAS01(config-line)#login local

 

Once you have configured local authentication you will be prompted for a username and a password whenever you telnet to the Cisco IOS device.

Since the privilege level configuration differs from this, I will post those details in an upcoming post.

 


December 5, 2009  5:55 AM

Benefits of Configuring local username and password in Cisco Routers and Cisco Switches, Series 1

Yasir Irfan

 

Whenever you access a Cisco router or a Cisco switch for management purposes using the console, telnet or SSH, by default you are asked only for a line password, and to enter privileged mode you are asked only for the enable password. This is the usual way of accessing a Cisco router or switch, but it leaves your devices open to easy unauthorized access: anybody who knows the line password and the enable password can get in over a console cable or telnet, and because the passwords are shared there is no way to tell afterwards who did what.

 

You can make your Cisco routers and switches more secure by configuring a local username and password for each individual who will access them. With per-user credentials you can revoke one person's access without changing a password everyone else knows, and the logs identify who logged in.

Moreover, by configuring local usernames on Cisco routers and switches you gain the flexibility to assign different levels of management privilege to different users. For example, you can configure a local username with full privileges (privilege level 15) who can configure anything on the router or switch, whereas a local user with unprivileged access (privilege level 1) can only run a limited set of show commands. I will show how to configure local usernames and passwords with different privilege levels on Cisco devices in my upcoming post.
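As an added example serving both this post and the configuration shown in Series 2 (it is not from the original posts), here is a local user database with three privilege levels, local login on the console and vty lines, and throttling of password guessing. The usernames and passwords are placeholders.

```cisco
! Added example, not from the original posts: local users with different
! privilege levels. Usernames and passwords are placeholders.
!
! Always use "secret" (one-way hash) rather than "password" (clear text or
! reversible type 7 encoding)
enable secret Ch@ngeMe-Enable
!
! Level 15: full control. Level 1: the default unprivileged EXEC.
! Level 5: a custom helpdesk level defined below.
username itkeadmin privilege 15 secret Ch@ngeMe-Admin
username itkeops   privilege 1  secret Ch@ngeMe-Ops
username helpdesk  privilege 5  secret Ch@ngeMe-Help
!
! Move selected level-15 commands down to level 5 so the helpdesk user can
! reset counters and clear a stuck session without being able to reconfigure
! the box. Every command not listed here keeps its default level.
privilege exec level 5 clear counters
privilege exec level 5 clear line
!
! Local login on the console and the vty lines, with an idle timeout so an
! unattended session does not stay open
line console 0
 login local
 exec-timeout 10 0
line vty 0 4
 login local
 exec-timeout 10 0
 transport input ssh
!
! Slow down online password guessing against the local database and
! record every attempt in the log
login block-for 120 attempts 5 within 60
login on-failure log
login on-success log
!
! Verification, after logging in as each user:
!   show privilege                          -> current privilege level
!   show users                              -> who is logged in on which line
!   show running-config | include username  (as a level-15 user)
```

Two caveats. A user at a lower level who is granted “show running-config” sees only the parts of the configuration that level is allowed to change, so moving that command down is rarely the right way to give read access. And anybody who knows the enable secret can still type “enable 15”, so the enable secret must stay with the administrators only. If you later turn on “aaa new-model”, “login local” on the lines is replaced by “aaa authentication login default local”.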


November 23, 2009  5:24 AM

Do you know there are 20782 CCIE Professionals Worldwide?

Yasir Irfan

We all know the CCIE is a dream for certification aspirants, especially those who are already Cisco certified professionals. I was wondering how many CCIE-certified experts exist. As per Cisco Systems' latest update on 26 October 2009, there are 20782 CCIE professionals worldwide. Interestingly, 86% (17891) of CCIE professionals are certified in Routing and Switching, with CCIE Security the second choice at a mere 2337 security professionals. That is one reason I always hear there is a lack of CCIE Security professionals, so CCIE Security can be a good option for CCIE aspirants.

One interesting fact is the total number of CCIE Voice professionals: they are growing fast, quite a sharp growth in a short span of time.

Figures courtesy of Cisco Systems (last updated 10/26/2009)

Total worldwide CCIEs:                     20782
Routing and Switching CCIEs:               17891
Security CCIEs:                             2337
Service Provider CCIEs:                     1625
Storage Networking CCIEs:                    148
Voice CCIEs:                                1082
Wireless CCIEs:                               15

Multiple certifications:

Many CCIEs have gone on to pass the certification exams in additional tracks, becoming a “multiple CCIE.” Below are selected statistics on CCIEs who are certified in more than one track.

Total with multiple certifications worldwide:          2264
Routing and Switching and Security CCIEs:               751
Routing and Switching and Service Provider CCIEs:       656
Routing and Switching and Storage Networking CCIEs:      34
Routing and Switching and Voice CCIEs:                  289
Three or more certifications:                           384


November 22, 2009  12:13 PM

Do you know Apple iPhone Supports Cisco VPN Client?

Yasir Irfan

Do you know the iPhone supports the Cisco VPN client? Yes, both iPhone software versions 2.x and 3.x support L2TP, PPTP and IPsec remote access VPN connectivity. The IPsec option is actually the Cisco VPN client, for communicating securely with Cisco ASA and PIX firewalls.

According to Cisco, only the ASA and PIX firewalls support iPhone remote access VPN; Cisco IOS routers and the older VPN 3000 concentrators do not support the iPhone VPN features.

By using this feature mobile workers can connect remotely to their enterprise network through a secure VPN tunnel from their iPhone. Both Wi-Fi and mobile data networks can carry the tunnel between the iPhone and the enterprise network. The following authentication methods are supported for establishing the remote VPN tunnel:

- Password
- RSA SecurID
- CRYPTOCard
- Certificate

For more information on how to configure your Cisco ASA firewall, check this link from Cisco Systems:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/iPhone/2.0/connectivity/guide/iphone.html


November 21, 2009  11:36 AM

How to configure the System prompt in a Cisco Router or a Cisco Switch?

Yasir Irfan

 

There is a handy way to tell which TTY line your session is using on a Cisco router or a Cisco switch. By using this feature you can read the line number of your own session, and so get a rough idea of how many sessions are active, from the prompt itself.

Normally whenever you log in to a Cisco router or switch you see this prompt:

ITKE-AS01#

By using the “prompt” command you can change it.

You might be wondering how this is possible, so let me show you how to enable this feature on a Cisco router or a Cisco switch.

Log in to your Cisco device and use the following command: “prompt %h:%n%p”

 

ITKE-AS01#configure terminal
ITKE-AS01(config)#prompt %h:%n%p
ITKE-AS01(config)#exit

 

In the example I have used three escape sequences to set the prompt to the hostname (%h), followed by the TTY line number of the current session (%n) and then the appropriate prompt character for the current command mode (%p).

You can see the difference in the prompt after applying the “prompt %h:%n%p” command.

ITKE-AS01:1#sho users

    Line       User       Host(s)              Idle       Location

*  1 vty 0     yasir      idle                 00:00:00 10.0.0.5

 

  Interface      User        Mode                     Idle     Peer Address

ITKE-AS01:1#

 

As more TTY sessions are opened you can see the number in the prompt go up, as displayed below. Note that it is the line number of your own session, not a count: IOS hands out the lowest free vty line, so if session 1 disconnects the next login gets vty 0 again and its prompt reads “:1”.

Example with two TTY sessions

ITKE-AS01:2#sho users
    Line       User       Host(s)              Idle       Location
   1 vty 0     yasir      idle                 00:00:23   10.0.0.5
*  2 vty 1     itkeuser   idle                 00:00:00   10.0.0.5

  Interface      User        Mode                     Idle     Peer Address

ITKE-AS01:2#

Example with three TTY sessions

ITKE-AS01:3#sho users
    Line       User       Host(s)              Idle       Location
   1 vty 0     yasir      idle                 00:01:14   10.0.0.5
   2 vty 1     itkeuser   idle                 00:00:50   10.0.0.6
*  3 vty 2     itkeadmin  idle                 00:00:00   10.0.0.7

  Interface      User        Mode                     Idle     Peer Address

ITKE-AS01:3#

Example with four TTY sessions

ITKE-AS01:4#sho users
    Line       User       Host(s)              Idle       Location
   1 vty 0     yasir      idle                 00:01:43   10.0.0.5
   2 vty 1     itkeuser   idle                 00:01:20   10.0.0.6
   3 vty 2     itkeadmin  idle                 00:00:29   10.0.0.7
*  4 vty 3     yasir      idle                 00:00:00   10.0.0.5

  Interface      User        Mode                     Idle     Peer Address

ITKE-AS01:4#

 

If you want to go back to the default prompt, enter the “no prompt” command as shown below.
ITKE-AS01:4#configure terminal
ITKE-AS01:4(config)#no prompt

 

The following prompt variables are available for the “prompt” command.


November 18, 2009  1:06 PM

How to archive your Cisco Router or Switch Configuration?

Yasir Irfan

Do you all know there is a great way to keep a history of the changes you make on a Cisco router or a Cisco switch, especially whenever you perform a “write memory” or “copy run start”?

Most people do not realize that starting with IOS 12.3(4)T the “archive” and “archive config” commands were introduced by Cisco Systems.

The main advantage of the “archive” feature is to have incremental backups of your Cisco router or switch configuration, so that if for some reason you blow up the configuration you can roll the device back to an older configuration file.

The “archive config” command saves the running configuration into the configuration archive using a standard location and filename prefix that is automatically appended with an incremental version number (and an optional timestamp) as each consecutive file is saved.
Once the maximum number of files has been saved in the archive, the oldest file is automatically replaced by the next one.

The “show archive” command displays information about all configuration files saved in the Cisco IOS configuration archive.
In this example we will save the archive configuration files in flash memory; however, you can also store them remotely using protocols such as FTP, HTTP, HTTPS, RCP, SCP and TFTP. Remember that an archived configuration contains your passwords, SNMP community strings and keys, so if you copy it off the box prefer SCP or HTTPS over FTP or TFTP and protect the remote directory.
The following commands enable the archive feature on a Cisco router or a Cisco switch, provided the IOS version is 12.3(4)T or later. In this example the location and filename prefix is flash:itkebackup.

ITKE-AS01(config)#archive
ITKE-AS01(config-archive)#path flash:itkebackup

To save the current running configuration in the configuration archive use the “archive config” command as shown below

ITKE-AS01# archive config

The “show archive” command displays information of the files saved in the configuration archive as shown in the following example:

ITKE-AS01#show archive
There are currently 3 archive configurations saved.
The next archive file will be named flash:itkebackup-3
 Archive #  Name
   0
   1        flash:itkebackup-1
   2        flash:itkebackup-2 <- Most Recent
   3
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
ITKE-AS01#

By using the “configure replace” command with the archived file you can restore the configuration. Unlike “copy flash:... running-config”, which merges, “configure replace” computes the additions and deletions needed so that the running configuration ends up identical to the archived file.

ITKE-AS01#configure replace flash:itkebackup-2
This will apply all necessary additions and deletions
to replace the current running configuration with the
contents of the specified configuration file, which is
assumed to be a complete configuration, not a partial
configuration. Enter Y if you are sure you want to proceed. ? [no]: y
Total number of passes: 0
Rollback Done

The “archive” command is quite handy for keeping multiple copies of the running configuration in an archive.
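As an added example that is not part of the original post, here is the archive configuration I would use on top of the one above: automatic snapshots on every “write memory” and once a day, plus the change log that records which user entered which configuration command from which line. The file name, sizes and intervals are placeholders.

```cisco
! Added example, not from the original post: automatic snapshots plus a log of
! who changed what. File name, sizes and intervals are placeholders.
archive
 path flash:itkebackup
 ! Keep up to 14 snapshots (the platform maximum) before the oldest is overwritten
 maximum 14
 ! Take a snapshot every time someone does "write memory" / "copy run start" ...
 write-memory
 ! ... and in any case once a day (value is in minutes)
 time-period 1440
 ! Configuration Change Notification and Logging: record each config command,
 ! the user who entered it and the line it came from
 log config
  logging enable
  logging size 500
  ! Do not write passwords, community strings or keys into the change log
  hidekeys
  ! Forward every logged change to syslog so your SIEM sees it in real time
  notify syslog contenttype plaintext
!
! Useful checks:
!   show archive                      -> which snapshots exist and which is newest
!   show archive log config all       -> the change history, per user and session
!   show archive config differences flash:itkebackup-2 system:running-config
!                                     -> what has changed since that snapshot
!
! Rollback with a safety net: the device reverts to the snapshot, but if you do
! not enter "configure confirm" within 120 minutes (for example because the
! old config locked you out), it rolls forward to the configuration it had
! before the replace.
!   configure replace flash:itkebackup-2 time 120
!   configure confirm
```

The change log is the piece that matters for incident response: when a rogue configuration change shows up, “show archive log config all” tells you the user, the session and the exact commands, and “show archive config differences” against the last good snapshot tells you precisely what to undo.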


November 17, 2009  12:02 PM

ManageEngine IT360 makes the Business Service Management Easy

Yasir Irfan

ManageEngine has recently launched its latest Business Service Management (BSM) solution, “ManageEngine IT360”. Last week I had a chance to download the 60-day trial version and test the suite.

Since I am much into networking I started with their Network Monitoring module, which seems more promising and simpler. The thing that encouraged me to download the 60-day trial version was the agentless monitoring of network applications. ManageEngine recommends installing the application on a machine with at least 8 GB of RAM, a 2 GHz quad-core processor and 32-bit Windows Server 2003/2008 Enterprise Edition.

Unfortunately all my servers were occupied and I had no server to install it on. I found a DELL XPS 630i machine lying in my office and thought: let me try to install ManageEngine IT360 on that. Due to my bad luck the installation of Windows Server 2003 on the DELL XPS 630i failed, so I was forced to install ManageEngine IT360 on Windows XP. The installation was smooth and everything worked perfectly for me. The thing I liked best is the easy installation; everything can be managed very easily. The DELL XPS 630i was capable of supporting ManageEngine IT360 without any hassle. I only tried the Network Monitoring module, and I am able to monitor all my Cisco switches, routers and firewalls. ManageEngine IT360's Business Dashboard interface seems promising and is customizable as well. Since I am using the Network Dashboard it gave me all the information I was looking for, such as Device Summary, Top 10 Interfaces, Top 10 Bandwidth-utilized Interfaces, Event Summary and Top 10 CPU Utilization.

In brief, ManageEngine IT360 is amazing, especially as an out-of-the-box application capable of monitoring networks, servers, databases and applications. Surely ManageEngine IT360 can give your IT operations team a single pane of glass to troubleshoot performance issues quickly. The integrated service desk with support for ticketing, problem management, change management, a knowledge base, automated trouble ticketing and so on makes production workflows simpler, thereby making efficient use of IT personnel. Try downloading the 60-day trial version.

Some key features of ManageEngine IT360 are:

Integrated network, server and application performance management that helps IT operations
• Network Performance Management (availability, performance, traffic analysis)
• Systems and Database Performance Management
• Monitor Key Performance Indicators
• Trend Analysis and Reporting
• Capacity Planning

Business Service Management which helps business managers
• End User Experience Management
• Monitor Key Business Metrics
• IT Service Desk with support for ITIL
• Service Level Management
• IT Asset Management


November 17, 2009  6:38 AM

How to disable SSH in Cisco Devices?

Yasir Irfan

We all know the importance of SSH; it is one of the most used methods for remote access to Cisco devices, whether a Cisco router or a Cisco switch. Most of the network engineers I come across say it is complicated to either enable or disable SSH on Cisco devices.

If you simply try the “no” form of the commands used to enable SSH it will not work. Here is the tip to disable SSH on either a Cisco router or a Cisco switch. One caveat on the enabling commands below: a 512-bit RSA modulus is far too small to rely on today, and SSH version 2 on IOS requires at least 768 bits, so generate 2048-bit keys on anything you manage in production.

Commands used to enable SSH in a Cisco device

ITKE-AS1(config)#ip domain-name itke.com
ITKE-AS1(config)#crypto key generate rsa general-keys modulus 512
The name for the keys will be: ITKE-AS1.itke.com

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

ITKE-AS1(config)#
ITKE-AS1(config)#aaa new-model
ITKE-AS1(config)#aaa authentication login default local
ITKE-AS1(config)#aaa authorization exec default local

 

Commands used to disable SSH in a Cisco device

Notice that “no crypto key generate rsa” does not work; the device tells you to use “crypto key zeroize rsa” instead. Be aware that “crypto key zeroize rsa” with no label removes every RSA key pair on the device, along with any certificates issued against them, so HTTPS or IPsec configurations that depend on those keys break as well; if you only want to remove the SSH key pair, zeroize it by its label. Also check the vty lines afterwards: if “transport input” still allows telnet, management simply falls back to clear text.

ITKE-AS1(config)#no crypto key generate rsa
% Use 'crypto key zeroize rsa' to delete signature keys.

ITKE-AS1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys
will also be removed.
Do you really want to remove these keys? [yes/no]: yes
ITKE-AS1(config)#
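As an added example that is not part of the original post, here is how I would enable SSH on the same device with a sane key size and SSH-only management, and how to tear it down again cleanly. The hostname and domain are taken from the post; the management subnet, the key label and the credentials are placeholders.

```cisco
! Added example, not from the original post: SSH enabled with a sane key size,
! SSH-only management, and a clean teardown. The management subnet, key label
! and credentials are placeholders.
hostname ITKE-AS1
ip domain-name itke.com
!
! Create the local user BEFORE "aaa new-model": once AAA is on, the console
! uses the same default login method, and an empty local database locks you out
username itkeadmin privilege 15 secret Ch@ngeMe
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! A labelled 2048-bit key pair used only by SSH (512 bits is trivially
! factorable today and SSHv2 refuses anything under 768)
crypto key generate rsa label SSH-KEY modulus 2048
ip ssh rsa keypair-name SSH-KEY
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Only management hosts may open sessions, and only over SSH
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
!
! Verification:
!   show ip ssh                  -> "SSH Enabled - version 2.0"
!   show crypto key mypubkey rsa -> the SSH-KEY pair and its size
!
! Disabling SSH cleanly: remove only the pair SSH uses (a bare
! "crypto key zeroize rsa" also removes keys behind HTTPS/IPsec certificates)
! and close the vty lines so management does not fall back to telnet.
!   crypto key zeroize rsa SSH-KEY
!   line vty 0 4
!    transport input none
!   show ip ssh                  -> reports SSH Disabled
```

Keep your existing session open while applying this and test a fresh SSH login from a permitted host before you log out; the “deny any log” entry on the ACL gives you a syslog record of anyone else probing the management plane.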


November 14, 2009  11:13 AM

HP buys 3Com for 2.7 Billion Dollars

Yasir Irfan

HP has announced plans to buy router and switching gear maker 3Com for $2.7 billion. The deal will see HP expand its infrastructure portfolio with 3Com's routers, switches and security products, and it will strengthen HP's position in China thanks to 3Com's strong presence there. The transaction is expected to close in the first half of 2010.
The transaction has been sealed at US$7.90 per 3Com share and is yet another example of an acquisition that will present significant competition for Cisco in the networking market, particularly in the data centre space and network convergence.
“Companies are looking for ways to break free from the business limitations imposed by a networking paradigm that has been dominated by a single vendor,” said Dave Donatelli, executive vice president and general manager, enterprise servers and networking at HP, in a statement issued by the vendor.
“By acquiring 3Com, we are accelerating the execution of our converged infrastructure strategy and bringing disruptive change to the networking industry. By combining HP ProCurve offerings with 3Com's extensive set of solutions, we will enable customers to build a next-generation network infrastructure that supports customer needs from the edge of the network to the heart of the data centre,” he added.
HP points out that the purchase of 3Com will bring strong security capabilities through the vendor's TippingPoint portfolio. It also states that, thanks to extensive testing of 3Com products, it plans to complete the global roll-out within HP soon after the acquisition closes.
Let's see how successful this acquisition will be in terms of capturing market share from the lead player, Cisco Systems.

