Latest Posts

Extreme Networks – enabling a few things on b5/c5/k series

Extreme Networks Switching Commands

Some of my most visited posts seem to be on Brocade switching configuration/commands, so I decided to put together our standard list of commands for some Extreme Networks switches we use. These commands can be used on the B5, C5, K series, 7100 series, and S Series Extreme Networks switches. These switches run the EOS network operating system. Extreme Networks' product line moving forward will be purely EXOS (ExtremeXOS operating system). Therefore the following commands will become legacy, but they are still very useful to know since some of the EOS product line hasn't reached EOL. Some commands are self-explanatory, but for others I added a short description.

Troubleshooting ARP/IGMP/Router CPU

The Issue

We recently started having issues with a building reporting that ICMP stopped responding on a distribution router and some access switches behind the router. Some routing interfaces would respond, but the management VLAN interface wouldn't. Further troubleshooting showed that CPU utilization on the router, which consists of two Extreme Networks 7100 series switches running OSPF, climbed to 80 to 100%. The "show logging buffer" output revealed massive numbers of host-dos ARP attack events. The first thought was that an infected machine was creating an ARP storm.

Some PHP SNMP scripting

I was digging through some of my old notes and came across a few SNMP networking PHP scripts that I put together for some Proxim AP-4000 access points. I put this script and many others together to help manage these standalone access points before there were wireless controllers. This particular PHP script sets up a while loop that modifies some SNMP values in order to change AP filters. The SNMP values within this script can be modified to change other values as well. Your setup will require PHP installed along with the SNMP package. Have fun.

Portable home lab virtualization server + gaming

Portable Options

I have a few PCs that I use for testing, gaming, and other side projects. I wanted to pare down a few systems, so I started looking into a portable gaming server VM home lab setup. I would like the system to be used for testing at least four different VMs and also allow for some decent gaming performance utilizing VM hardware GPU pass-through.


I first pondered the Intel NUC Skull Canyon. It's pretty portable, tough looking, and powerful, but when it first launched it lacked the ability to easily install an external GPU and the ability to install a hypervisor. It's also pretty expensive, and I was trying to stay around the $500-$600 range. I started looking at a few mini ITX cases and remembered coming across the ASRock M8 Mini ITX design in the past.

Why NetDevOps/NetOps will become important for Network Administrators

Being a network administrator/engineer typically requires typing commands into SSH consoles to get things going. At some point, being able to automate tasks or to manipulate configurations based on a certain outcome will become necessary. I've gathered a few thoughts on real world views of network automation. The buzzword floating around for this topic is NetDevOps.

NetOps/NetDevOps (my definition): Network automation using code to run commands that would normally have to be typed manually into each device. Example: Run code that can parse or write configs, logs, and SNMP values in order to take action on a specific outcome.

I won't go into the details of the ins and outs of NetOps/NetDevOps and how to get started with coding. I've provided a list of links with information that other really smart people came up with.

What does a Network Administrator do?

The Network Administrator

I wanted to share what a network administrator's daily job duties, functions, and tasks may entail. For those new to the realm of IT, a network administrator typically interacts with the hardware/software components that transfer data to and from devices over a physical distance through some type of medium. Some of these devices include: personal computers, laptops, tablets, servers, switches, routers, firewalls, load balancers, wireless access points, and any other devices that rely on transmitting data. The components that are typically managed daily by a network administrator are switches, routers, wireless access points, DHCP/DNS servers, IP address provisioning, documenting/diagramming the network, monitoring bandwidth usage, and maintaining copper/fiber cable plants.

Checkpoint VPN MEP by default…

I started having issues that required deploying another Checkpoint VPN gateway. My team set up the new VM, installed Checkpoint Gaia, and completed the configuration for VPN. I created a new site in my Windows Checkpoint Endpoint Security client that pointed to the new DNS entry and off I went. After a few days I started to have issues connecting to the new VPN gateway, so I enabled logging in the Checkpoint endpoint client. I discovered that my client was trying to connect to one of my original VPN gateways even though I didn't have the original gateway defined in the VPN client. After a quick call to support, we found out that MEP (multiple entry point) was enabled by default on Checkpoint VPN gateways that used the same encryption domain. I had to disable MEP, but couldn't find any settings in the GUI. The following KB article gives directions on how to disable MEP:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk78180

MEP wasn't the desired configuration, but I could see the benefit of enabling it for a redundant VPN gateway setup. I may enable MEP in the future. Only time will tell.

F5 Forwarding IP VS fun…

I have recently been spending lots of time with our F5 BIG-IP 2000s. We have been working on deploying a new private network behind the F5 with nodes that admins would like to access directly from their secure admin workstations. Our current setup has the nodes behind the load balancers using basic virtual servers (VSs) that forward the traffic from external routable IPs to internal non-routable IPs. Therefore I would need to create multiple VSs, one per node that admins wanted to access. That would be a lot of VSs.

There are a few other ways to get around this, well, maybe not necessarily clever ones. The first is using a jump server. The admins would access one VS that forwards to one pool with a single node in it. They could then access the other private nodes from this "jump" server. The other option would be adding another NIC to the admin workstations and putting that NIC on the same VLAN that the private nodes sit on. Neither of these is a great idea.

I therefore convened with an F5 tech guru and passed this idea by him. Could I have a router with a routed interface within the F5 private VLAN that holds the F5 private nodes? I could then take the private non-routable network and make it routable, protected by an ACL on the router. The nodes would still point to the F5 as their default gateway. When an admin workstation communicates with a node, it sends the traffic through the router, and the router forwards the packets to the node. The issue then lies with the node sending the return traffic to the F5, because the F5 is its default gateway, so the forward and return paths differ (asymmetric routing) and that creates issues. I found out from the tech that there's a way to get this to work by using an IP forwarding VS that listens on the F5 private VLAN.

You will first need to make sure that your current nodes are not in an SNAT, as SNATs along with an IP forwarding VS configured on the same interface don't work: the SNAT takes precedence over the IP forwarding VS. Within the VS, the source network would be the private node network and the destination would be the network where the secure admin workstations sit, which is reachable across the router that I placed on the private node VLAN. Now, in order to get the F5 to forward to the router on the private node VLAN instead of using its own routing table, you have to create an iRule and attach it as a resource on the Forwarding (IP) VS. Here's the iRule syntax:

when CLIENT_ACCEPTED {
    # Only return traffic sourced from the private node network is steered to the router
    if { [IP::addr [IP::client_addr] equals 10.1.1.0/24] } {
        # internalvlannum is the name of the F5 private node VLAN; 10.1.1.254 is the router
        nexthop internalvlannum 10.1.1.254
    }
}

The 10.1.1.0/24 network is the internal private node network that sits on the F5. The 10.1.1.254 address is the interface of the router that's sitting on the F5 private node network. This iRule forwards the traffic to the router instead of letting the F5 route it. You also have to assign a Fast L4 protocol profile (client) to the Forwarding (IP) VS with Loose Initiation and Loose Close enabled, so that TCP packets flow correctly even though the F5 only sees one direction of the connection. Keep in mind that with Loose Initiation the F5 will accept a flow it did not see start, so the ACL on the router is the control that restricts which admin workstations can reach the private nodes.

What happens in Mexico, saves Mexico

I just had an opportunity to go on my first mission trip to Playa Del Carmen in Mexico for a week with seven members of the church I attend. We were invited and led by Mission Explosion International. We planned to visit and help out a local Church of Christ in Playa Del Carmen. Our goals consisted of going out in the neighborhood to promote a clinic check that would be hosted in the local church building. The clinic sessions included checking blood pressure and sugar levels, along with hosting VBS (vacation bible school) days as well. We also planned to hand out Spanish Mission soccer balls.


We ended up doing 3 days of clinic work, 2 days of children's outreach, one day of men's and women's bible study, and our evangelical guide preached on Sunday. The trip was amazing. We had lots of fellowship, outreach, teaching, and preaching going on, all led by God and His spirit. If you ever have an opportunity to go on a mission trip, please pray diligently and seek God's guidance in the matter. I found out that I was way more capable through Christ than I ever imagined. In the end, the culture, language, and income levels may be different, but the people are no different than us in that they need God and Jesus Christ just like we do.


Thank you to Rusty, Audrey, Jordan, and Kylee!!! I will never forget my first mission trip to Mexico.

@javi_isolis

Cisco UC on UCS

One of our latest projects at work is moving from Centrex to Cisco Unified Communications (UC). I was assigned quite a few tasks for this project. One of the first tasks was getting our two UCS C240 rack mount servers going. Our purchase was part of a larger order, so our UCS rack mount servers are bare metal servers: no ESXi or UC components were pre-installed. I originally wanted to install ESXi on the Cisco FlexFlash SD card, but then found out that UC on UCS doesn't recommend that configuration. I also found out that Cisco recommends creating 2 RAID 5 arrays across the 16 drives that we have in our C240s.


If you want to stay on a Cisco Tested Reference Configuration (TRC), then I would recommend that you check out this Cisco page for reference:

http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware
