Network technologies and trends


August 20, 2008  6:22 AM

What is Service timestamps logging, and how it can be configured Cisco Switch or a Router?

Yasir Irfan

Logging is an essential part of a secure network configuration. It not only helps network administrators identify issues while troubleshooting, it also enables them to react to intrusion attempts or denial-of-service attacks.

By default on Cisco IOS, no timestamp information is included; however, you can enable timestamps and also modify the format of the timestamp attached to each SYSLOG message by using the service timestamps log global configuration command as follows:

ITKE(config)# service timestamps log {uptime | datetime [msec | localtime | show-timezone]}

I will demonstrate how to configure a Cisco IOS switch to log the datetime and localtime.

Before configuring service timestamps log, you will get the following logs on an IOS switch.

ITKE#sho log

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

   Console logging: level debugging, 453895 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 453895 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    File logging: disabled

    Persistent logging: disabled

    Trap logging: level informational, 453898 message lines logged

        Logging to 10.0.0.2  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              453898 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

        Logging to 10.0.0.1  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              453898 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

          Log Buffer (4096 bytes):

17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to down

17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to up

17w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/41, changed state to up

17w5d: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49336) -> 0.0.0.0(23), 1 packet

Now we will configure the Cisco IOS switch with the service timestamps log command, using the date and local time of the switch, by issuing the following command from global configuration mode.

ITKE(config)#service timestamps log datetime localtime

Here is the log shown on the switch after configuring the service timestamps log command:

ITKE#sho log

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 454006 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 454006 messages logged, xml disabled,

                    filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    File logging: disabled

    Persistent logging: disabled

    Trap logging: level informational, 454009 message lines logged

        Logging to 10.0.0.2  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              454009 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

        Logging to 10.0.0.1  (udp port 514,  audit disabled,

              authentication disabled, encryption disabled, link up),

              454009 message lines logged,

              0 message lines rate-limited,

              0 message lines dropped-by-MD,

              xml disabled, sequence number disabled

              filtering disabled

         

Log Buffer (4096 bytes):

Aug 20 09:10:48: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to up

Aug 20 09:10:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to up

Aug 20 09:10:55: %SYS-5-CONFIG_I: Configured from console by yasir on vty2 (10.0.0.6)

Aug 20 09:11:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to down

Aug 20 09:11:20: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to down

Aug 20 09:11:22: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.1(44420) -> 0.0.0.0(23), 1 packet

Aug 20 09:11:23: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to up

Aug 20 09:11:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to up

Aug 20 09:11:37: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.6(49493) -> 0.0.0.0(23), 1 packet

ITKE#

August 17, 2008  5:55 AM

What is the Link-flap error in Cisco Switches?

Yasir Irfan

Link flap means that the interface continually goes up and down in a Cisco Switch. The interface is put into the errdisabled state if it flaps more than five times in 10 seconds. The common cause of link flap is a Layer 1 issue such as a bad cable, duplex mismatch, or bad Gigabit Interface Converter (GBIC) card. Look at the console messages or the messages that were sent to the syslog server that state the reason for the port shutdown.

13w0d: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/28, putting Fa0/28 in err-disable state 

Issue this command in order to view the flap values:

SRCL-ONC-3550-AS01# sho errdisable flap-values

ErrDisable Reason    Flaps    Time (sec)
-----------------    ------   ----------
pagp-flap            3        30
dtp-flap             3        30
link-flap            5        10

SRCL-ONC-3550-AS01# 

The interface can be recovered from the errdisable state by re-enabling the port using the errdisable recovery cause link-flap command. This command configures the recovery mechanism so that the interface can be brought out of the disabled state and allowed to try again. You can also set the time interval. Errdisable recovery is disabled by default in Cisco switches; when enabled, the default time interval is 300 seconds.

Once you enable errdisable recovery, you can see the following log message as the Cisco switch tries to recover the error-disabled interface (link-flap error):

13w0d: %PM-4-ERR_RECOVER: Attempting to recover from link-flap err-disable state on Fa0/28
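An added example (not part of the original posts) ties the two posts above together: it parses IOS log lines in both timestamp formats and applies the link-flap threshold from the flap-values output (5 flaps in 10 seconds) to %LINK-3-UPDOWN messages. Counting each transition to down as one flap, the year passed to the parser, and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "<timestamp>: %FACILITY-SEVERITY-MNEMONIC: text", as in the show log output above.
LINE = re.compile(r"^[*.]?(?P<ts>.+?): %(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<msg>.*)$")
LINK = re.compile(r"Interface (\S+), changed state to (up|down)")

def parse(line, year=2008):
    """Return (datetime or None, tag, text); None means an uptime stamp such as 17w5d."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # datetime stamps carry no year, so the caller supplies one (assumption).
    stamp = " ".join(m["ts"].split()[:3]).split(".")[0]   # drop msec / timezone
    try:
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    except ValueError:
        when = None
    return when, m["tag"], m["msg"]

def find_flaps(lines, flaps=5, window=10):
    """Map interface -> time it reached `flaps` link-down events within `window` s.

    Also returns how many link events could not be placed in time."""
    recent, flagged, unusable = defaultdict(deque), {}, 0
    for line in lines:                      # lines are assumed to be in time order
        rec = parse(line)
        if rec is None or rec[1] != "LINK-3-UPDOWN":
            continue
        when, _, msg = rec
        if when is None:
            unusable += 1          # week/day resolution: no 10-second window possible
            continue
        m = LINK.search(msg)
        if not m or m[2] != "down":
            continue
        q = recent[m[1]]
        q.append(when)
        while when - q[0] > timedelta(seconds=window):
            q.popleft()
        if len(q) >= flaps:
            flagged.setdefault(m[1], when)
    return flagged, unusable

# Constructed sample: Gi0/13 toggles every second, Gi0/7 drops once, and one
# line still carries the uptime stamp logged before the timestamp change.
SAMPLE = [f"Aug 20 09:11:{20 + i:02d}: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, "
          f"changed state to {'down' if i % 2 == 0 else 'up'}" for i in range(10)]
SAMPLE += [
    "Aug 20 09:12:00: %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to down",
    "17w5d: %LINK-3-UPDOWN: Interface GigabitEthernet0/41, changed state to down",
    "Aug 20 09:11:22: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 10.0.0.1(44420) -> 0.0.0.0(23), 1 packet",
]

if __name__ == "__main__":
    print(find_flaps(SAMPLE))
```

Lines stamped with uptime only are counted separately because a week/day stamp cannot be placed inside a 10-second window, which is the practical reason to switch to datetime stamps before relying on syslog for this kind of check.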


August 16, 2008  11:12 AM

How to change an IP address in a HP Procurve Switch

Yasir Irfan

Changing an IP address on a Cisco switch is quite simple, whereas on HP Procurve switches, if you try to change the IP address of an existing VLAN, you get the error message "The IP address (or subnet) 10.0.0.122/23 already exists."

I will demonstrate how to change an IP address for an existing VLAN. In this example we have a VLAN 100 assigned with an IP address 10.0.0.99/23 in a HP Procurve Switch.

vlan 100

   name "VLAN100"

   ip address 10.0.0.97 255.255.248.0

   tagged 25-26

   exit

We will try to change the IP address in the normal way, as we would on a Cisco Catalyst switch.

ICU(config)# vlan 100

ICU(vlan-100)# ip address 10.0.0.122 255.255.254.0

The IP address (or subnet) 10.0.0.122/23 already exists.. 

The moment you enter the ip address command, you will get the error message mentioned above.

To change the IP address, do the following:

Log in to the switch through a console port.

Then, from the global parameters, use the following commands:

vlan 100

 name "VLAN100"

 no ip address 10.0.0.97 255.255.248.0

 ip address 10.0.0.122  255.255.248.0

However, you can’t do that if you connect to the switch remotely. As soon as the “no ip address” command is received and processed by the switch, your session will be disconnected and you won’t be able to get to the switch. The trick to get around this issue is to make the IP address change through the switch’s built-in menu system instead of using the plain old CLI.
1. Type “menu”, hit Enter
2. Select “Switch Configuration”
3. Select “IP Configuration”
4. Navigate to Edit, hit Enter
5. Change the IP and then Save

You will be disconnected once you save it, but you will be able to reconnect using the new IP.


August 12, 2008  6:56 AM

Juniper Networks launches Network and Security Manager (NSM)

Yasir Irfan

Juniper Networks is expanding its network and security management capabilities across routing, switching and security infrastructure with the launch of the Network and Security Manager (NSM).

The new Network and Security Manager (NSM) offers centralized management for Juniper Networks J-series services routers, EX-series Ethernet switches, Secure Access SSL VPN and firewall/VPN and Intrusion Detection and Prevention appliances, and the newly announced Unified Access Control (UAC) solution.

The Network and Security Manager (NSM) enables high-performance businesses to consolidate and simplify the management of their network infrastructure to increase security, reduce cost and realize operational gains.


Overview

Network and Security Manager (NSM) is a powerful, centralized management solution that controls the entire device life cycle of firewall/IPSec VPN, Secure Access (SSL), Infranet Controller (IC), J-series and EX-series switches (JUNOS® software). NSM handles the basic setup and network configuration with local and global security policy deployment for these products. Unmatched role-based administration allows IT departments to delegate appropriate levels of administrative access to specific users, minimizing the possibility of a configuration error that may result in a security hole. NSM can scale from small to large enterprises with NSMXpress and NSM Central Manager as a plug-and-play appliance preloaded with the latest version of NSM software.



August 11, 2008  1:37 PM

What happened to the telnet client in Windows Vista?

Yasir Irfan

We all know how important a Telnet client is. By default, however, the Telnet client is not installed with Windows Vista, but you can always install it by following the steps below.

1) Click on Start – Control Panel.

2) Click on Programs.

3) Click on Turn Windows features on or off.

4) In the Windows Features dialog box, select the Telnet Client check box.

5) Click on OK.

6) Windows will now install and enable Telnet so it is available from the command line.


August 9, 2008  6:35 AM

Cisco’s Come Back Program

Yasir Irfan

There is good news for networking professionals who are aspiring to Cisco certifications. You can retake the exams for free under the Cisco “Come Back” program.

Cisco and Pearson VUE have partnered to give networking professionals the opportunity to re-invest in their careers with the Cisco “Come Back” program, but this offer expires soon. You may have let your Cisco certification lapse, but now’s a great time to come back.

Register now to take any Cisco certification exam at the regular price, and—if you need it—you’ll get a retake exam for FREE!*. Both exams must be taken before this offer expires on October 15, 2008, so it’s important that you schedule your exam soon, in order to allow adequate time for you to take advantage of the free retake.

Visit www.pearsonvue.com/cisco/comeback for more details or to schedule your Cisco exam.

Wishing you the best on your career investment,


August 5, 2008  7:20 AM

Microsoft touchscreen technology (Microsoft Surface Sphere)

Yasir Irfan

Microsoft is continuing its research to come out with some interesting touch screen devices: first it was a coffee table, then the wall, and now they are coming up with the Sphere. According to Gizmodo, the latest spherical multi-touch surface device (still in the concept stage) is going to be unveiled at Microsoft Research Faculty Summit 2008. Check out this video: http://uk.youtube.com/v/V3HGfIy_zCI


August 5, 2008  6:52 AM

Show Commands in Cisco Routers and Layer 3 Switches (Most commonly used) Series - 2

Yasir Irfan

In my previous post I tried to cover some of the show commands which are quite useful to any Network Administrator to manage the day to day activities. In this post I will try to complete the set of 10 show commands I selected.

1. Show access-list

The show access-list command displays the contents of each access list. It is very helpful in troubleshooting filtering issues, but it does not show you where each access list is applied.

2. Show ip interface

The show ip interface command displays very useful information about the configuration and status of the IP protocol and its services on all available interfaces. It also shows which access lists are applied on each interface and in which direction. This kind of information is not shown by the “show access-list” command. The “show run” command also displays information about access lists.

3. Show cdp neighbor detail

The show cdp neighbor detail command displays information about all the connected neighboring devices, including valuable details such as IP addresses, platforms and host names. It is very helpful for troubleshooting connectivity issues and can also be used to find out how devices are connected to each other, especially when there is no proper network layout.

4. Show version

The show version command displays detailed information about the installed IOS: the file name used for the IOS along with the IOS version, the router's configuration register, the model of the router, when the router was last rebooted, and the amount of RAM and flash.

5. Show flash

The show flash command displays the contents of the flash, the size of the IOS files, the size of the flash and the amount of free flash. It’s useful for checking the amount of free space available whenever the IOS is upgraded.


August 4, 2008  5:26 AM

MySpace & Facebook targeted by worms says Kaspersky Lab

Yasir Irfan

Security company Kaspersky Lab is warning of a new worm that targets MySpace and Facebook users. The worm variants are spread through the popular social networking sites, turning infected machines into zombies – PCs illicitly controlled by hackers to carry out tasks like denial of service attacks.

The Net-Worm.Win32.Koobface.a is activated when a user accesses their MySpace account, and is spread when it automatically comments on linked friend’s sites. Facebook is targeted by Net-Worm.Win32.Koobface.b, which sends messages to the infected user’s contacts through the Facebook site.

Both worms then direct would-be victims to a bogus Youtube link, where they will then receive a message telling them that they need to install the latest version of Flash Player. Instead of downloading the latest version of Flash Player however, the link then installs the worm, which installs the Facebook version of the worm if the user visited the site from MySpace, and vice versa, to increase the infection rates from the worm.

Visit the Kaspersky web site for more information.


August 2, 2008  6:43 AM

Show Commands in Cisco Routers and Layer 3 Switches (Most commonly used) Series - 1

Yasir Irfan

Some commands in Cisco routers are simply unavoidable, and among the most commonly used are the “show” commands. These commands are essential to network administrators. Here is a list of those commands. I will try to cover them in two series. Here is the first series.

1. Show running-configuration

The show running-configuration command shows the complete current running configuration of a router, firewall or switch. Using the show running-configuration command, a network administrator can troubleshoot almost all issues related to routing, filtering, secure access, encapsulation, interface mismatch, and many more.

2. Show startup-configuration

The show startup-configuration command shows the configuration that is saved in NVRAM. It is helpful in knowing the configuration that will be applied the next time the router is reloaded. This command is also useful in knowing the configuration that was loaded at the start-up of the router before changes were made to it.

3. Show Interface

The show interface command shows the status and statistics of the router interfaces. It is useful for troubleshooting routing and link issues. Its output includes interface status, interface IP address and subnet mask, protocol status on an interface, encapsulation type, bandwidth, utilization and much more information related to interface operation.

4. Show ip route

The show ip route command shows the router's routing table, the routing protocols used and the networks to which these protocols are advertised. The show ip route command is used to troubleshoot routing problems.

5. Show ip protocols

The show ip protocols command displays the routing protocols used in a router and the networks to which these protocols are advertised. It also shows the sources of the routing updates received and is very helpful for troubleshooting routing issues.

 

