In this entry we will see how to connect a router in the GNS3 simulator to your PC.
This lets you run all the basic simulations with SDM, and it is especially useful for people taking the CCNA Security exam.
First, we need a loopback interface on the PC. The following steps create it:
1. Go to Control Panel –> Add Hardware, then click Next.
2. Select “Yes, I have already connected the hardware”.
3. Scroll to the bottom, click on “Add a new hardware device”, then Next.
4. Select “Install the hardware that I manually select from a list (Advanced)”.
5. Click on Network Adapters, then Next.
6. Select Microsoft as the Manufacturer, then Microsoft Loopback Adapter under Network Adapter, then click Next, then Next again.
7. Open Control Panel –> Network Connections to see the adapter in place.
Once that is done, run GNS3 and do the following:
1- Drag the Cloud shape onto the workspace.
2- Right-click it and choose Configure.
3- Go to the designated cloud (usually C1).
4- Click on the Generic Ethernet NIO tab.
5- Select the Microsoft Loopback Adapter, then click Add.
Now all you need to do is add the router and connect a link between the Cloud and the router, and you will be able to use SDM. Of course, you still need to configure the router; configuring the router will be covered in part 2 of this entry.
CCDP, or Cisco Certified Design Professional, is one of the best certificates for any engineer working in a medium to large enterprise.
CCDP requires the candidate to pass Route, Switch and Arch. Since most engineers already hold the CCNP, which requires Route, Switch and Tshoot, the CCDP becomes a much easier task to gain, and with high benefits.
Study material for Cisco Certified Design Professional is available through Cisco Press. Designing Cisco Network Service Architectures is a good guide to prepare for the Arch exam. Advanced topics from this book that are very helpful to any engineer are:
- Implement advanced WAN services
- Evaluate design considerations in the data center core, aggregation, and access layers
- Design storage area networks (SANs) and extend the SAN with various protocols
- Design and tune an integrated e-commerce architecture
- Integrate firewall, NAC, and intrusion detection/prevention into your network design
- Incorporate voice over WLAN in the enterprise network
The data center design is fundamental for any enterprise, while e-commerce is important for almost all commercial and for-profit organizations.
Lastly, don’t expect the exam to be easy. The questions require you to use your experience and judgement to find the right answer.
In Policy Based Routing – part 1 I explained why and how we can use PBR in a production environment. Today I will post what I did and how, with a brief explanation. Keep in mind that the IP scheme shown in the image is not real.
ip access-list extended web
permit tcp 192.0.0.0 0.0.31.255 any eq www
permit tcp 192.0.0.0 0.0.31.255 any eq 443
First, I defined the interesting traffic. 192.0.0.0/22 is the network I would like to redirect to my proxy server: the traffic should be sourced from this network, to any network, with destination port 80 or 443 (HTTP, HTTPS).
route-map web permit 10
match ip address web
set ip next-hop 10.10.0.100
Here I created a route map that matches the access list I made in the first step, and I set the next-hop address to 10.10.0.100.
route-map web permit 20
This clause is important; without it the rest of the traffic will be dropped (just as the implicit last entry in an access list is deny).
! interface sub-commands; these go under the VLAN interface (SVI) on the switch
 ip address 10.10.0.2 255.255.255.0
 ip policy route-map web
Since I am using a multilayer switch and my interface is defined in a VLAN, I applied the policy on the VLAN interface.
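To check what the access list and route map above actually select before deploying them, here is an added model of the IOS matching logic in Python. It is example code written for this post, not the switch's configuration or anything from Cisco; the classes Packet, Ace and RouteMapClause and the sample addresses 203.0.113.10 and 198.51.100.5 are constructed. It parses the extended ACL entries from the post, converts the wildcard mask to a prefix, and walks the route map the way IOS does: the first clause whose match succeeds decides, and a packet that matches no clause, hits a deny clause, or hits a permit clause with no set statement is handed back to the routing table. Running it on the post's own entry also shows that wildcard 0.0.31.255 covers 192.0.0.0 to 192.0.31.255, a /19, which is the kind of check worth making against the prefix you intended to redirect.

```python
"""Model of the PBR decision from the post: an extended ACL that selects web
traffic and a route-map that sets a next hop for matches. Added example with
constructed inputs; it is not the switch's configuration or Cisco code."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# IOS port keywords that appear in extended ACLs (a subset, enough for the post).
PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ftp": 21, "telnet": 23, "domain": 53}
ANY = ipaddress.IPv4Network("0.0.0.0/0")


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Turn an IOS 'address wildcard' pair into a network.

    A wildcard is an inverted netmask (0 bits must match). Non-contiguous
    wildcards are legal in IOS but outside this model and raise ValueError.
    """
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)


@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None       # None means any destination port


def _parse_addr(tokens: List[str], i: int):
    """Parse 'any', 'host A' or 'A WILDCARD' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return wildcard_to_network(tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str) -> Ace:
    """Parse one entry such as 'permit tcp 192.0.0.0 0.0.31.255 any eq www'."""
    t = line.split()
    action, proto = t[0], t[1]
    src, i = _parse_addr(t, 2)
    dst, i = _parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":   # only 'eq <port>' on the destination is modelled
        dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return Ace(action, proto, src, dst, dport)


def acl_permits(acl: List[Ace], pkt: Packet) -> bool:
    """First matching entry wins; no match hits the implicit 'deny any' at the end."""
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.IPv4Address(pkt.src) not in ace.src:
            continue
        if ipaddress.IPv4Address(pkt.dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action == "permit"
    return False


@dataclass(frozen=True)
class RouteMapClause:
    action: str                       # "permit" or "deny"
    match_acl: Optional[str] = None   # None: the clause matches every packet
    next_hop: Optional[str] = None    # None: no 'set', packet is routed normally


def pbr_next_hop(route_map: List[RouteMapClause], acls: Dict[str, List[Ace]],
                 pkt: Packet) -> Optional[str]:
    """Return the next hop PBR imposes, or None for normal destination-based routing.

    Clauses are evaluated in sequence order. A permit clause whose match succeeds
    applies its set action; a deny clause, a permit clause with no set, or falling
    off the end of the map all leave the packet to the routing table.
    """
    for clause in route_map:
        matched = clause.match_acl is None or acl_permits(acls[clause.match_acl], pkt)
        if not matched:
            continue
        return clause.next_hop if clause.action == "permit" else None
    return None


# The post's configuration, transcribed into the model.
ACLS = {
    "web": [
        parse_ace("permit tcp 192.0.0.0 0.0.31.255 any eq www"),
        parse_ace("permit tcp 192.0.0.0 0.0.31.255 any eq 443"),
    ]
}
ROUTE_MAP_WEB = [
    RouteMapClause("permit", match_acl="web", next_hop="10.10.0.100"),  # sequence 10
    RouteMapClause("permit"),                                            # sequence 20
]

if __name__ == "__main__":
    print(wildcard_to_network("192.0.0.0", "0.0.31.255"))
    for p in (Packet("tcp", "192.0.5.7", "203.0.113.10", 443),
              Packet("tcp", "192.0.5.7", "203.0.113.10", 22),
              Packet("tcp", "192.0.40.1", "203.0.113.10", 80)):
        print(p, "->", pbr_next_hop(ROUTE_MAP_WEB, ACLS, p) or "routing table")
```

Feeding a few constructed packets through `pbr_next_hop` confirms that HTTP and HTTPS from a source inside the wildcard range go to 10.10.0.100 while SSH from the same host, UDP port 80, and web traffic from outside the range all fall through to normal routing.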
Yes, of course. Why not just apply the PBR on the distribution switch? I wonder why I didn’t think of that earlier. I will test my switch by tomorrow. Once I get confirmed results, I think it would be best to just apply the configuration on the distribution switch.
Policy Based Routing (PBR) is one of the technologies that give you the ability to shape or police the way traffic is routed in an enterprise. PBR can be used in various applications within the enterprise; one of the main examples is giving a certain ISP preference for certain applications. This method can manipulate the routing of packets without altering the routing protocol’s operation.
Unfortunately, we ran into an issue where the layer 4 switch was no longer able to coordinate with the Blue Coat proxy for HTTPS traffic, while HTTP traffic was working just fine. Ultimately, I suggested introducing PBR to solve this issue. Figure 1 shows the topology.
I would replace the application layer switch with a Cisco 3560 switch, set up the appropriate routing, then do the policy routing. The policy would be as follows:
any HTTP or HTTPS traffic should be forwarded to the Blue Coat, while the rest of the traffic should be forwarded to the Internet router.
Today’s topic is Packeteer, Blue Coat’s packet-shaping device. We have a Packeteer 10000, 7500 and 6500. One day the 6500 decided to crash and not boot up! After spending hours and hours reading forums and support documents, we just had to try everything to solve it ourselves, and yes, we arrived at a step-by-step troubleshooting method. We tried it many times with that device, and it always seems to work.
1- Make a backup of all the files in the flash of the Packeteer device. The files should be backed up before and after any major upgrade.
2- In case the device fails:
a. Try resetting the flash, hard disk and the RAM. If that doesn’t work:
b. Try to run the backup image by pressing Ctrl+B during “loading…”. If it doesn’t show:
c. Try to run the backup image from the boot monitor. The boot monitor can be accessed by pressing Ctrl+Y during “booting…”, then using option C. If no image files can be seen:
d. Try to format the flash from the boot monitor (Ctrl+Y during “booting…”, then option H). After formatting:
e. Add the image file under BIN.
f. Try to run image.zoo from the boot monitor (it is better to name the OS image.zoo, since the device gave us errors when using other names). If it works:
g. Add the configuration files to CFG. If loading the image doesn’t work:
h. Repeat A. If the image still doesn’t work:
i. Repeat B.
j. If working through the steps in order fails, try troubleshooting out of sequence.
k. There is a safe mode, entered with Ctrl+A. This mode was not helpful to us at all.
l. To reset the password, type “touchpwd=” at the password prompt.
3- The device is very sensitive to many things; it can reject a working flash or a working image for no apparent logical reason.
These steps were concluded from our troubleshooting of two Packeteer devices for almost 6-7 hours straight.
One of the main issues we had was that we simply loaded the image after formatting the flash. The implications of that were:
1- We lost the CFG folder of the external device, which holds the license files, specifically Basic.cfg (in this file the license is bound to the serial number of the device; without this file the device is just a piece of stone).
2- The configuration menu was not checked, which again resulted in an unstable device that kept hanging.
We were fortunate to have a very old backup of the device (dated 2008), which we managed to take the files from. But we had to go through the whole troubleshooting sequence because of the mismatch between the configuration files and the image files.
Future advice: when buying a new Packeteer device, the support contract must cover a period of 3-4 years. We noted during our troubleshooting that these devices are very unstable, and many other people have complained about issues that come up randomly.
To be a CCNP in the new track, passing Tshoot 642-832 is a must, and it brings new challenges to candidates. The first thing is to pass the Route and Switch exams; this gives you the foundation to tackle any trouble ticket (TT) that comes up in Tshoot.
Here are general guidelines on how to approach Tshoot.
1- The Tshoot exam topology has configurations for both IPv4 and IPv6, so when tackling an issue you should be aware whether the question is IPv4- or IPv6-related, and you should know which commands are for IPv4 and which are for IPv6 (it was very confusing for me when I saw the running config).
2- If you know where the issue is and which technology is involved, but can’t figure out which line should be fixed, abort the ticket and check the configuration from another ticket; it might help.
3- If you can’t figure out the issue, abort the ticket and come back to it at the end. Otherwise you might end up wasting too much time on it.
How I approached the Tshoot exam:
1- First, run ipconfig on the client to confirm that the client is getting an IP address. If not, troubleshoot.
2- Ping the default gateway. If you can’t, troubleshoot.
3- Traceroute from the default gateway to the destination in the question (usually the server 188.8.131.52). Troubleshoot from the point where the traceroute fails.
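The three steps above are a decision procedure, so here is an added Python example that carries it out on captured command output: it reads the client's IPv4 address and default gateway from Windows ipconfig, the success rate from an IOS ping, and the hop list from an IOS traceroute, and points at the step and device where troubleshooting should start. This is example code written for this post, not exam material or Cisco code; the ipconfig, ping and traceroute outputs (addresses 10.1.1.x, 10.1.2.2, 10.1.3.2, 169.254.12.34) are constructed to look like what those commands print.

```python
"""Triage helpers for the three-step approach in the post: ipconfig on the client,
ping the default gateway, traceroute from the gateway to the destination.
Added example with constructed command output, not exam material or Cisco code."""
import re
from typing import List, Optional, Tuple

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"


def parse_ipconfig(text: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (IPv4 address, default gateway) from Windows ipconfig output.

    Matches both the old 'IP Address' and the newer 'IPv4 Address' labels; an
    APIPA address (169.254.x.x) is returned as-is so the caller can flag it.
    """
    ip = re.search(r"IP(?:v4)? Address[ .]*:\s*" + IPV4, text)
    gw = re.search(r"Default Gateway[ .]*:\s*" + IPV4 + "?", text)
    return (ip.group(1) if ip else None, gw.group(1) if gw else None)


def ping_success_rate(text: str) -> Optional[int]:
    """Percent from an IOS ping summary, e.g. 'Success rate is 100 percent (5/5)'."""
    m = re.search(r"Success rate is (\d+) percent", text)
    return int(m.group(1)) if m else None


def parse_ios_traceroute(text: str) -> List[Tuple[int, Optional[str]]]:
    """Hop list from IOS traceroute output; a hop that only printed '*' has address None."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"^\s*(\d+)\s+(\S+)", line)
        if not m:
            continue
        hop, first = int(m.group(1)), m.group(2)
        hops.append((hop, first if re.fullmatch(IPV4, first) else None))
    return hops


def trace_failure_point(hops, destination: str) -> Optional[Tuple[int, str]]:
    """None if the destination replied, otherwise (hop, address) of the last router
    that answered before the trace went dark; that device is where to start."""
    if any(addr == destination for _, addr in hops):
        return None
    last = None
    for hop, addr in hops:
        if addr is not None:
            last = (hop, addr)
    return last


def triage(ipconfig_out: str, ping_out: str, trace_out: str, destination: str) -> str:
    """Walk the three steps in order and say where troubleshooting should begin."""
    ip, gw = parse_ipconfig(ipconfig_out)
    if ip is None or ip.startswith("169.254."):
        return "step 1: client has no usable address; check DHCP and the access switch"
    if gw is None:
        return "step 1: client has no default gateway; check the DHCP options"
    rate = ping_success_rate(ping_out)
    if not rate:
        return f"step 2: client cannot reach gateway {gw}; check the access VLAN and SVI"
    fail = trace_failure_point(parse_ios_traceroute(trace_out), destination)
    if fail is None:
        return "step 3: path to the destination is complete; look at the server itself"
    hop, addr = fail
    return f"step 3: trace dies after hop {hop} ({addr}); start on that device and its next hop"


# Constructed outputs, shaped like what the client and gateway would print.
IPCONFIG_OK = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.1.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.1.1
"""
IPCONFIG_APIPA = """
Ethernet adapter Local Area Connection:

   Autoconfiguration IPv4 Address. . : 169.254.12.34
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""
PING_OK = """
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
"""
TRACE_PARTIAL = """
Type escape sequence to abort.
Tracing the route to 188.8.131.52

  1 10.1.2.2 4 msec 0 msec 4 msec
  2 10.1.3.2 8 msec 4 msec 4 msec
  3  *  *  *
  4  *  *  *
"""

if __name__ == "__main__":
    print(triage(IPCONFIG_OK, PING_OK, TRACE_PARTIAL, "188.8.131.52"))
    print(triage(IPCONFIG_APIPA, PING_OK, TRACE_PARTIAL, "188.8.131.52"))
```

With the constructed outputs, the healthy client passes steps 1 and 2 and the trace stops answering after hop 2, so the verdict names 10.1.3.2 as the place to start; the APIPA client never gets past step 1.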
Best of luck, and let me know how it went for you.