Computer Network, System and Security stuff

Archive for the 'Cisco' Category

Packetlife.net

I added a new link to Packetlife.net, which is a really amazing website about networking, with a focus on Cisco stuff.

The work that the author has done is truly impressive: blog, cheat sheets, gentle forum and even a lab (I haven’t tested it because I don’t need it, but if you are a student, it is great for students and so far I have never seen any other website offering it), all integrated with a quality level that is rare to find even on professional websites.

This is one of the best websites I have ever seen in all categories and certainly the best about Cisco networking. If you are interested in this topic, visit it right now.

Netios 0.73

Netios 0.73 fixes some bugs and

Complete changelog :

2010-02-10  (0.73) Jean-Christophe Baptiste <jc@phocean.net>

* remove useless options
* fix various bugs

Check there (tools page) for more details and a download link.

Netios 0.72

Netios 0.72 fixes some bugs with the show_run mode and large config files. I also found some issues concerning the prompt detection, so it should be fixed now.

Complete changelog :

2010-01-14  (0.72) Jean-Christophe Baptiste <jc@phocean.net>

* ciscoclass.py : forgot to remove a debug print
* ciscoclass.py : finish and fix a bunch of bugs in the show run function, format the config file properly
* ciscoclass.py : fix the prompt regex

Check there (tools page) for more details and a download link.

Netios 0.71

I have released a new version of Netios: 0.71.

There are a lot of changes, starting with cosmetics, but the biggest one is the support of multiprocessing.

It is now able to process several routers at the same time, so using it on a large list of machines results in a big speed up.

A downside is that it now requires at least Python 2.6, as multiprocessing started to be supported with this version only. Most Linux distributions now include Python 2.6, but still not all. Anyway, it will be more and more the case. If you can’t upgrade your distribution, you can stick with 0.60, which still does most of the work fine.

It is also now able to fetch a configuration file remotely, but it requires more testing before I feel confident in the way it works.

The complete changelog :

2009-12-20  (0.71) Jean-Christophe Baptiste

* ciscoclass.py : handle correctly the cisco pager --More-- so that “show run” mode should work even with large config files
* sshclass.py : allow to override terminal size system settings (make use of the cisco pager to avoid filling the buffer)

2009-11-16  (0.70) Jean-Christophe Baptiste (private release)

* implement multiprocessing
* improve code documentation
* clean up UI
* reduce useless logging
* netios.py : bug : missing startTime parameter in f_skip_error and f_command functions

I cross my fingers that there are not too many bugs, but if there are, please don’t forget to report them to me.

Check there (tools page) for more details and a download link.

Netios

I just released an alpha release of a little tool that may help network administrators with a large park of Cisco routers or switches:

Netios is a little tool aimed at helping network administrators administer a large number of Cisco network devices.
Given a list of equipment, it connects over SSH to remotely apply IOS commands.

It can automatically :

  • retrieve and export in a CSV file the list of local users
  • update the local user, the enable password
  • change NTP settings
  • execute a file of custom IOS commands
  • retrieve configuration files

It can read the targets from the command line or from a text file.

Its primary goal is to improve security by making it easier to regularly renew the local password of this equipment, but it can do more convenient things (and I will continue to work to add more of them).

Check there (tools page) for more details and a download link.

Use Gnome-terminal with GNS3

GNS3 is configured to use Xterm by default.

If you are on Gnome, you may want to use the Gnome terminal.

The proper command to set is :

gnome-terminal -t %d -e 'telnet %h %p' > /dev/null 2>&1 &


Cisco configuration buffer full

I got this weird message while trying to save a configuration:

#wr mem
Building configuration...
% Warning: Saving this config to nvram may corrupt any network management or security files stored at the end of nvram.
Continue? [no]: no
% Configuration buffer full, can't add command:
************************************************************************

Looks scary at first, but normally it should be solved with a single command :

# configure terminal
(config-ter)# service compress-config
(config-ter)# end
# write mem

I guess that there is little chance the issue remains after that, but if so, well, you may be in trouble…

Netflow on MLS switches

I had some trouble today at the office with monitoring flows going through an MLS switch.

The Nfsen collector was working well for our routers, but I came to realize there was something definitely wrong with the traffic going through a Cisco 6500 switch.

The traffic reported was way below the real one.

After some research, what I suspected was confirmed by this documentation from Cisco.

Some more steps are required to make Netflow report the flows processed by the switching module.

Otherwise, as only the first packet is routed and the following ones are switched by CEF, Netflow will only see the first packet at layer 3.

That explains why the reported traffic was ridiculously small.

So, where on routers the following commands are enough :

(config)# ip cef
(config)# ip flow-export version 5
(config)# ip flow-export destination 192.168.1.1 1234
(config)# interface fa 1
(config-if)# ip route-cache flow

On MLS switches (like 6500 or 7200), add :

(config)# mls netflow
(config)# mls nde sender
(config)# mls aging long 64
(config)# mls flow ip full

The commands are described there. Unfortunately, as often with Cisco, they may vary depending on the IOS version you are running.
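To catch this under-reporting before it skews monitoring, the following added example (not part of the original post) checks a saved running-config for the MLS commands listed above whenever a flow-export destination is configured. It assumes the caller already knows the device is an MLS switch; the function names and sample configs are constructed for illustration.

```python
# Added example, not from the original post. Command names are the ones the post lists.
MLS_REQUIRED = ("mls netflow", "mls nde sender", "mls aging long", "mls flow ip")


def global_commands(config):
    """Return top-level commands: skip blanks, '!' separators and indented sub-commands."""
    return [line.rstrip() for line in config.splitlines()
            if line.strip() and not line.startswith((" ", "!"))]


def has_command(cmds, wanted):
    """True if `wanted` appears as a whole command or as a command prefix."""
    return any(c == wanted or c.startswith(wanted + " ") for c in cmds)


def mls_netflow_gaps(config):
    """For an MLS switch config, report collectors that will be under-fed.

    Returns {"collectors": [...], "missing": [...]}; "missing" is empty when
    nothing is exported or when every MLS command from the post is present.
    """
    cmds = global_commands(config)
    prefix = "ip flow-export destination "
    collectors = [":".join(c[len(prefix):].split()[:2])
                  for c in cmds if c.startswith(prefix)]
    if not collectors:
        return {"collectors": [], "missing": []}
    missing = [m for m in MLS_REQUIRED if not has_command(cmds, m)]
    return {"collectors": collectors, "missing": missing}


# Constructed sample: a switch configured with the router commands only.
ROUTER_STYLE = """\
ip cef
ip flow-export version 5
ip flow-export destination 192.168.1.1 1234
!
interface FastEthernet1
 ip route-cache flow
!
"""

# Constructed sample: MLS commands added, but one of them is negated.
MLS_PARTIAL = ROUTER_STYLE + """\
mls netflow
mls nde sender
no mls flow ip
mls aging long 64
"""

if __name__ == "__main__":
    for name, cfg in (("router-style", ROUTER_STYLE), ("partial", MLS_PARTIAL)):
        print(name, mls_netflow_gaps(cfg))
```

A negated line such as `no mls flow ip` is reported as missing, since only the positive form of each command counts as present.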
