Archive for the ‘General info’ Category


Get-Console Review on the iPad

July 5, 2012

I have used my iPad to console onto Cisco routers and switches for about 2 years now. I started using the Flex-Serial cable on my jailbroken iPad and iPhone, with the iSSH app and a ported version of Minicom (earlier blog post).  Amidst some minor bugs and irritations this worked well and was considerably more convenient than carrying a laptop around the data centers. Earlier this year I ordered the RedPark RS232 cable from, since the Flex-Serial cable was not available anymore. (It’s easy to notice to wear on my Flex-Serial cable). I have used the Get-Console solution ever since and will share the other reasons why I switched and give a product review. If you been thinking of getting this, it might be in your best interested to read this post.

The Redpark cable

Let me first compare the RedPark and the Flex-Serial cables.

Flex-Serial Cable

Redpark Cable

Read the rest of this entry ?

About these ads

Nexus load intervals

March 7, 2012

This is a interesting but a trivial post. Everybody know about the interface command “load-interval” that changes the time period over which the interface packet-rate and throughput statistics are averaged.

I discovered an addition to this command on the Nexus the other day while poking around. NX-OS allows multiple counter intervals to be configured on the same interface. This allows different sampled intervals to be listed at the same time.

The configuration is easy:

#interface Ethernet1/19
  load-interval counter 1 40
  load-interval counter 2 60
  load-interval counter 3 180

Read the rest of this entry ?


Omnigraffle Stencil for Cisco Nexus

February 10, 2012

I am a MAC user and I have been looking but could not find a OmniGraffle Stencil with the Cisco Nexus icons, so I ended making one.

I have also submitted the stencil to

Feel free to download it and from Graffletopia or Mediashare:Cisco Nexus


Cisco Nexus User Roles using TacPlus

August 28, 2011

I previously wrote a post about the Nexus Roles and how they integrate with a TACACS server.

Cisco Documentation shows the following format to issue multiple roles from a TACACS/RADIUS server.:

shell:roles="network-admin vdc-admin"

We are using Shrubbery TACPLUS, instead of the Cisco ACS software. Last week I noticed that only one role was assigned when multiples should be assigned. Multiple roles are required when using one TACACS server to issue roles for VDC and non-VDC Nexus switches since they need different default User-Roles.

This was tested on a Nexus 5000, a Nexus 7000 and VDC on the same Nexus 7000. Different codes were tried. This was not a NX-OS bug.

Upon further investigation it was obvious, that the syntax above as provided by Cisco was specific their TACACS software, being the ACS software. But I still required multiple Roles to be assigned for my single TACACS configuration to work across multiple Nexus devices. First attempt was the lazy method. Ask uncle Google for any such encounters with a solution. That yielded no practical results. I then contacting Shrubbery for the solution, after that it became clear that possibly nobody else have experienced this problem before.

So the hunt began to find out exactly what was so different in the AAA response from the Cisco ACS software to the TACPLUS software that it did not yield the required results.

Read the rest of this entry ?


MPLS meet Nexus

August 2, 2011

The long wait is finally over. By long wait I mean more than 3 years. That is how long MPLS (Multiprotocol Label Switching) is late in delivery to arrive on the Cisco Nexus family of 10 GbE switches.

Why did it take so long? Especially considering that NX-OS has natively supported FIB table separation for a long time, more commonly known as VRFs (Virtual Routing and Forwarding). Yip, on NX-OS by default there are two VRFs, the Management VRF for the out-of-band management of the switch and the Default VRF for all in-band data interfaces. MP-BGP (Multiprotocol BGP) has been available for ages, all that was missing is LDP (Label Distribution Protocol) and perhaps for the more average network TE (Traffic Engineering) and RSVP.

So why the delay? Politics within Cisco, protection of specific BU product lines, perhaps a combination. Who knows! The exact answer is likely hidden somewhere deep within Cisco Confidential land. But who cares now that basic MPLS functionality is added right?

MPLS along with many other cool features included in NX-OS 5.2(1) for the Nexus 7000 platform was released last week. This is mostly good news, but also comes with some bad news.

Read the rest of this entry ?


Nexus’ improved CLI

May 19, 2011

The Cisco Nexus Series platform has some good things going. Having spent much of my time recently using them, I have come to appreciate some very neat improvements NX-OS is offering over standard IOS. For the most part driving NX-OS is very similar to IOS, but it’s been greatly improved.

One such example is the output from the most used IOS command “show ip int brief”, which on NX-OS only shows ‘IP’ (being layer 3) interfaces. To see the brief state of all types of interfaces use “sh int brief” instead.

N5K-2(config)# sh ip int brief
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan19            protocol-up/link-up/admin-up
Vlan22            protocol-up/link-up/admin-up

N5K-2(config)# sh int brief
Ethernet      VLAN   Type Mode   Status  Reason                   Speed     Port
Interface                                                                   Ch #
Eth1/1        1      eth  trunk  up      none                       1000(D) 51
Eth1/2        22     eth  access up      none                        10G(D) -
Eth1/3        1      eth  trunk  down    SFP not inserted            10G(D) 50
Eth1/4        1      eth  trunk  down    SFP not inserted            10G(D) 50
Eth1/5        1      eth  trunk  down    SFP not inserted            10G(D) -
Eth1/6        19     eth  access down    SFP not inserted            10G(D) -
Eth1/7        1      eth  trunk  down    Link not connected          10G(D) 5
Eth1/8        1      eth  trunk  down    Link not connected          10G(D) 5
Eth1/9        1      eth  fabric down    Administratively down       10G(D) 9
Eth1/10       1      eth  fabric down    FEX identity mismatch       10G(D) 7
Eth1/11       1      eth  fabric down    vpc peerlink is down        10G(D) 34
Eth1/12       1      eth  fabric down    SFP not inserted            10G(D) 12
Eth1/13       1      eth  fabric up      none                        10G(D) 15
Eth1/14       1      eth  fabric down    Administratively down       10G(D) 9

Read the rest of this entry ?


Troubleshooting random Nexus reboots

March 13, 2011

November last year, a pair of Cisco Nexus 5010 switches, suddenly started rebooting randomly without user intervention.  Since these boxes were a front to a VM environment, stability were of urgent concern. But in order to stabilize the environment, the root cause of the reboots had to be isolated, and quickly.

The Cisco Nexus platform might not be as mature as many would like, but it is quickly becoming a very needed switch in Next-Generation datacenters. Of the things I like most about the Nexus boxes are the readily available local reporting and intuitive system checks.  Obviously there are many other features which is making the platform so popular. I’ll cover some of these in time.

Coming back to the rebooting issue. Unlike IOS devices that looses all local logging info, unless a crash dump was saved to NVRAM, the Nexus writes most of its log information to disk. Thus even after the reboot, you have all the information.
Read the rest of this entry ?


Using the iPhone for Out-of-Band access

January 21, 2011

I frequently use my iPad to console onto routers as per my earlier post. But there are so much more functionality here. The iPhone can be used as a Out-of-Band device.

Why? Because it occasionally happens that a router has no device near it that can provide console access. And if you doing risky changes, this beats having to sit next to the device while doing the changes.


  1. A serial connector cable  (30-pin Apple to male DB9 pin RS-232).
  2. A rollover cable.
  3. A jailbroken iPhone.
  4. Terminal application.
  5. Software that supports serial communication.
  6. Inbound connectivity to iPhone Sim.

Steps 1-5 is the same as my previous post. Only difference is with step-4. The app iSSH is not needed here as the SSH connection will not be made locally from the device. So once SSH is loaded via Cydia move along to Step-5.

The last step required is having inbound access to the cellular data IP on your iPhone. This varies between cellular providers. Some providers block inbound access, others allow it by default. If your cellular provider is blocking inbound access, you will have to request them to allow it for you SIM.

All that is left to do, is plugging your phone into the distant router, (preferably locked in the cabinet, to prevent it from being stolen). From you desk SSH to the iPhone and use Minicom to reverse console into your router.


Console to routers using the iPad

January 3, 2011

- – – – – – -

Please note I have done a more recent post about using the iPad to console HERE

- – – – – – -

Having had some free time finally, I’ve done what I have been meaning to for a while. That is use my iPad (instead of my laptop) everytime I need to run to the datacenter to console onto a Cisco router/switch. This is a complete tutorial how to use the iPhone/iPad for serial communication to Cisco devices. The iPhone works fine, but the small screen can be frustrating when doing large configs. The iPad on the other hand has enough screen real estate for this to be a pleasant experience.

What are required to do this?

  1. A serial connector cable  (30-pin Apple to male DB9 pin RS-232).
  2. A rollover cable.
  3. A jailbroken iPhone/iPad.
  4. Terminal application.
  5. Software that supports serial communication.
  6. Configuring the serial communication software.
  7. Crazy geek dance!


The most challenging part was finding/making a serial communications cable. I use the Flex-Serial cable from This cable has dip switches on the sides making it ideal for almost any type of serial communication.

Read the rest of this entry ?


My CCIE Booklist

October 9, 2010

A quick post. I’ve had many requests from guys asking details surrounding my studies and preparation. As always I am more than happy to help and aid other candidates where I can. After all I did not get this far on my own.

So first off I have create a new page called CCIE BOOKLIST (on the right) of books I bought and used for both the R&S and SP. I have added a small review of most of them.

In the next week or two, I will post the methods I used to get through the theory, labs, my approach and lab strategies etc.



Terminal Server in Dynamips

September 28, 2010

I find using a terminal server to connect to routers while labbing very efficient. I personally don’t like having 10 windows open when configuring devices. I tried it back when I started studying for my R&S but found I made more errors than worth. Since then I have gotten used to jumping between terminal sessions on one screen.

Like most I used Dynamips when I studied for the SP. I built a quad-core PC at home with Ubuntu. My laptop at the time was running Windows XP, but during my 4 months trial I got a Mac Book Pro. Obviously I had to study whenever I had time regardless of the platform. So I configured the same setup across all three platforms.

Configuring a terminal server in Dynamips requires a real interface to be bridged to a virtual router interface. This is done by using a loopback interface. This is done very differently on the three  platforms:

  • Windows XP (32-bit)
  • Ubuntu 9.10 (64-bit)
  • Snow Leopard 10.6 (32/64-bit)

The .NET file I used for the Internetwork Expert SP labs are at the bottom of the article.

Read the rest of this entry ?


Decrypting Cisco type-7 password

September 19, 2010

There are many ways a Cisco Type-7 password could be decrypted. Look at the following encoded passwords.

It could be decoded using any of the following methods:

  1. Using Cisco IOS
  2. An online website
  3. A freeware program
  4. A Perl script

Read the rest of this entry ?


Submarine Communication Cables

July 26, 2010

Greg Mahlknecht has drawn a map of the undersea communications infrastructure around the world using Microsoft Bing. I’d say it is pretty good. It gives you a good visual idea how the continents are interconnected.

Head over to his site to browse around, zoom in and  out etc…


CRC Errors on an ATM Trunk

May 13, 2010

How does one localise the errors on the ATM trunk to a specific VC?

Assume for a second that the following interface ATM1/0 is terminating multiple VCs (Virtual Circuits), and when you issue the following command you see CRC errors. How would you know which one of VCs are the problem child?

#show interfaces atm 1/0
ATM1/0 is up, line protocol is up
  Hardware is ENHANCED ATM PA Plus
  Description: bob's ATM
  MTU 4470 bytes, sub MTU 4470, BW 149760 Kbit, DLY 80 usec,
     reliability 255/255, txload 7/255, rxload 5/255
  Encapsulation ATM, loopback not set
  Encapsulation(s): AAL5
  8191 maximum active VCs, 16 current VCCs
  VC Auto Creation Disabled.
  VC idle disconnect time: 300 seconds
  Signalling vc = 1, vpi = 0, vci = 5
         UNI Version = 4.0, Link Side = user
  0 carrier transitions
  Last input 00:00:01, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:23:50
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1115
  Queueing strategy: Per VC Queueing
  30 second input rate 1966000 bits/sec, 1032 packets/sec
  30 second output rate 3226000 bits/sec, 1025 packets/sec
     885563 packets input, 129820445 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     350 input errors, 350 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort            '<----Not cool'
     1373823 packets output, 456299872 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Read the rest of this entry ?


Understanding and Configuring a HWIC-3G-GSM

May 12, 2010

Apologies for the long absence from posting. I find myself without any hours left in a day before I got to everything I wanted to do.  And before you know it, more than a month has gone past.

In my previous post I presented a quick solution to an Out-of-Band network and I talked about some options. I’ve had mails asking how to show some of the configurations. I’ll cover those and do other posts I have been promising in the next couple days.

This post will focus on the current Cisco 3G WAN card, the HWIC-3G-GSM. This card is supported by Cisco’s 1841, 1861, 2800-series and 3800-series ISR routers. This card only supports High-Speed Downlink Packet Access (HSDPA) “up to” 3.6 Mb/s downlink, 384 kb/s uplink (presumably HSDPA Category 5/6, but not sure)

“3G” is a broad category of standards and services around “broadband” mobile wireless voice and data. Universal Mobile Telecommunications System (UMTS) is part of this family. High Speed Packet Access (HSPA) is a collection of mobile telephony protocols that extend and improve the performance of existing UMTS protocols. Two standards, HSDPA and HSUPA have been established and is fairly well known.

Read the rest of this entry ?


Get every new post delivered to your Inbox.

Join 1,504 other followers