Archive for the ‘Tech’ Category

Cisco VPN Client x64 now available!

May 30th, 2010

Cisco has finally got their act together and released an x64 version of their VPN client to be used on Vista/Windows 7. About time! I just tested it and it works well :) The following is available:

vpnclient-winx64-msi-5.0.07.0290-k9.exe
Release Date: 13/Apr/2010
VPN Client Software for x86 64-bit version of Vista/Windows 7 - Microsoft Installer
Size: 4898.00 KB  (5015552 bytes)

And the x86 as well of course:

vpnclient-win-msi-5.0.07.0290-k9.exe
Release Date: 13/Apr/2010
VPN Client Software for x86 32-bit version of XP/Vista/Windows 7 - Microsoft Installer
Size: 7814.00 KB  (8001536 bytes)

They would probably kill me if I mirrored it on here, I'm sure you guys can grab a copy of it from somewhere :)

Tech

Cisco Aironet Series 1140

January 30th, 2010

Hey everyone, welcome to 2010 :)

In the last week I managed to score myself a Cisco Aironet Series 1140 access point. Now it is standalone since it's only going to be used for a single AP setup without any wireless controllers.

The model which I got is the AIR-AP1142N-N-K9, and I also had to get a power supply with it, the AIR-PWR-B=.

As taken from the Cisco website:

“The Cisco® Aironet® 1140 Series Access Point is a business-ready, indoor access point designed for simple deployment and energy efficiency. The 1140 Series is a dual-band (a/g/n), 802.11n access point with integrated antennas. It can be ordered in a controller-based* (lightweight) or Standalone (autonomous) version.”

I must say I'm quite impressed by this AP; the performance and features make it really outstanding. The access point is “Made in the USA”, so none of that made in China stuff..

A show version from the console:

Cisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 16-Sep-09 18:09 by prod_rel_team

ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(18a)JA, RELEASE SOFTWARE (fc4)

cisco AIR-AP1142N-N-K9     (PowerPC405ex) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FTX1350S0AG
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from power-on
1 Gigabit Ethernet interface
2 802.11 Radio(s)

The access point is configurable by console and by a webpage interface. I must say the webpage interface is quite easy to use, and so is the AP.

I have taken some screenshots of the webpage interface below, and some shots of the AP. It gets a 10/10 from me, and of course the AP is nicely connected to that 2960G switch :)

Tech

CISCO WS-C2960G-8TC-L

July 21st, 2009

Well, the new switch just arrived; here are some pics. Looks quite nice, a little bit bigger than your usual 8 port switch, but it runs nice and quiet :)

When it came to configuring individual ports, the following website proved very useful:
http://www.itsyourip.com/cisco/how-to-enable-spanning-tree-portfast-in-cisco-catalyst-switch-ios/

With gigabit connectivity you can enable jumbo frames in global config:

system mtu jumbo 9000

Then issuing “show system mtu” shows:

System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
Routing MTU size is 1500 bytes

Also note that on port GigabitEthernet 0/6 I decided not to use portfast/bpduguard, since the Cisco 877 is plugged into it and that has a switch. Portfast is only recommended on single devices etc.

Current config I have running:

Current configuration : 3531 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2960G
!
boot-start-marker
boot-end-marker
!
enable secret yourpasshere
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
 switchport mode access
!
interface GigabitEthernet0/7
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan1
 ip address 10.108.1.9 255.255.255.224
 no ip route-cache
control-plane
!
!
line con 0
 login
line vty 0 4
 access-class 102 in
 login
line vty 5 15
 no login
!
end
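A config like the one above can be checked mechanically for the port and management-line settings this post discusses. The script below is an added example, not part of the original post or any Cisco tool: it flags access ports without bpduguard (GigabitEthernet0/6 is a deliberate exception here, as explained above), vty ranges with "no login" or no access-class, and an access-class whose ACL the posted text never defines (ACL 102 is not shown above). The function names and the embedded excerpt are this example's own.

```python
import re

# Constructed excerpt of the running config above, indented the way
# "show running-config" prints sub-commands.
SAMPLE = """\
interface GigabitEthernet0/5
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet0/6
 switchport mode access
line con 0
 login
line vty 0 4
 access-class 102 in
 login
line vty 5 15
 no login
end
"""

def parse_blocks(config):
    """Map each 'interface ...' / 'line ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if re.match(r"(interface|line) ", raw):
            current = blocks.setdefault(raw.strip(), [])
        elif raw[:1].isspace() and raw.strip() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!", a blank line or a global command closes the block
    return blocks

def audit(config):
    """Return findings for the port and vty settings the post discusses."""
    defined = set(re.findall(r"^(?:access-list|ip access-list \w+) (\S+)", config, re.M))
    findings = []
    for header, cmds in parse_blocks(config).items():
        if header.startswith("line vty"):
            if "no login" in cmds:
                findings.append(f"{header}: no login, sessions are not authenticated")
            if not any(c.startswith("access-class ") for c in cmds):
                findings.append(f"{header}: no access-class limiting source addresses")
            for c in cmds:
                if c.startswith("access-class ") and c.split()[1] not in defined:
                    findings.append(f"{header}: ACL {c.split()[1]} is not defined in this text")
        elif "switchport mode access" in cmds and "spanning-tree bpduguard enable" not in cmds:
            findings.append(f"{header}: access port without bpduguard")
    return findings
```

Run `audit()` on the full text of "show running-config" so that ACL definitions elsewhere in the file are seen.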

Tech

Ordered CISCO WS-C2960G-8TC-L

July 16th, 2009

Well I just ordered a new Cisco switch - CISCO WS-C2960G-8TC-L

To be used for home purposes of course and experimenting :) So far I have the 877 as the ADSL type modem, also got a Cisco Pix501 used as a firewall for a wireless network I connect into, and I'm just missing a Cisco switch now :)

I also have to one day write a small writeup on how a Pix501 can be configured in between networks.

When I get the 2960G I will post photos/config etc :)

Tech

Cacti 64bit graphing with Total Bandwidth

March 6th, 2009

Cacti is a great graphing tool for monitoring your network traffic, and especially for capacity planning. However, what if the links you utilise are faster than 100 Mbit? By default Cacti graphs use 32-bit counters, so they will only graph up to 120 Mbit. To graph more than 120 Mbit of bandwidth, 64-bit counters are required. I have included as part of this post an XML import file for Cacti which lets you use 64-bit counters and also records Total Bandwidth on the graphs. Thanks to a friend of mine (Mr DS) for finding this on the Cacti forums (http://forums.cacti.net/about4160-0-asc-0.html).

Download: 64bit Counter Cacti Template with Total Bandwidth

Sample Graph of 1Gigabit link with 64bit Counter Total Bw SNMP v2 probe:
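Why 32-bit counters stop working on fast links, as an added example that is not part of the original post or the Cacti template: a 32-bit octet counter wraps every 2^32 bytes, and a poller can only correct for one wrap between samples. The 300-second poll interval and the starting counter value are assumptions of this example.

```python
POLL = 300  # seconds between samples; assumed 5-minute polling interval

def polled_rate_bps(true_bps, interval_s, counter_bits, start=0):
    """Rate a poller derives from two octet-counter samples interval_s apart."""
    modulus = 2 ** counter_bits
    octets_sent = true_bps * interval_s // 8
    first = start % modulus
    second = (start + octets_sent) % modulus   # the counter silently wraps
    delta = (second - first) % modulus         # usual single-wrap correction
    return delta * 8 / interval_s

def ceiling_bps(interval_s, counter_bits):
    """Highest rate at which the counter wraps at most once per poll."""
    return 2 ** counter_bits * 8 / interval_s

def compare(true_bps, start=4_000_000_000):
    """Return (32-bit reading, 64-bit reading) for the same traffic.

    The start value is constructed so that the 32-bit counter wraps during
    the interval even at 100 Mbit/s.
    """
    return (polled_rate_bps(true_bps, POLL, 32, start),
            polled_rate_bps(true_bps, POLL, 64, start))

if __name__ == "__main__":
    print("32-bit ceiling: %.1f Mbit/s" % (ceiling_bps(POLL, 32) / 1e6))
    for rate in (100_000_000, 1_000_000_000):
        low, high = compare(rate)
        print("true %d bps -> 32-bit %.0f bps, 64-bit %.0f bps" % (rate, low, high))
```

Below the ceiling the wrap correction recovers the true rate; on a 1 Gbit link the 32-bit reading is aliased to a much lower figure while the 64-bit reading stays correct.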

Tech

Foreign Battery ADSL

February 24th, 2009

Well, ever since I started this site, I've noticed that my DSL2 connection has not been that flash, and I've been experiencing speed/dropout issues. The way I noticed this was that the Cisco 877 was not able to remain synced for more than 1-2 days without dropouts. Upon further investigation I discovered that the modem was receiving a large amount of HEC/CRC errors, around 2000+ each day. However the line seemed to work fine on a Billion 7300, with a Standard profile set on the DSLAM end, but this was still reporting a very high amount of errors. Also the SNR margin was not consistent and would fluctuate wildly from 10dB right down to -2dB. It was worse during nights etc.

So now I'm expecting the Telco to come any day now and fix this issue, as it appears it's being caused by one of the poles in the street.

So what is this “Foreign Battery” issue? Well, I managed to find a few answers..

“Foreign battery will affect your ADSL sync. From my understanding foreign battery is unwanted voltage getting onto the line from somewhere. Which means there is more voltage on the line than is normal, which in turn will give noise and interference on the line and cause issues with devices.”

“The high frequency of ADSL will often get through a poor or open circuit joint but low voltage VF (voice) signals will not. ADSL will work over most types of faulty lines surprisingly well, except for a Foreign Battery fault where your line is crossed with the battery side of another line, quite low voltages will kill ADSL but may not even be noticed on the phone.”

So if you are having these types of issues yourself, it could be a “Foreign Battery” fault!

Tech

Some more Cisco 877 Tips…

February 6th, 2009

Need to know what your dsl sync stats are and more details about the link?

cisco877>sh dsl int

Or, as in my case, to improve the attenuation on the upstream by 3dB, we can set the gain tx-offset value to 3.

From exec mode, enter interface configuration:

cisco877#conf t
cisco877(config)#int atm0
cisco877(config-if)#dsl gain-setting tx-offset 3

To show PPPoE uptime on the session, look at the active time column:

cisco877#sh caller

To show logs on the modem to see activity:

cisco877#sh log

To troubleshoot PPPoE and ATM events and errors in more detail, simply issue:

cisco877#debug pppoe events
cisco877#debug pppoe errors
cisco877#debug atm events
cisco877#debug atm errors

These details will then be logged into the log file as above. To remove the debugging, simply issue the same command with “no” in front.

If you have any more tips, hints or recommendations, please comment below :)

Cisco 877, Tech

IOS downgrade Cisco 877

February 6th, 2009

I decided to downgrade to IOS c870-advsecurityk9-mz.124-15.T6.bin so I could try ADSL firmware AMR-3.0.043.bin; ver 20/22 of this IOS doesn't work with this firmware.

So far I've noticed 3.0.043 has slightly less Reed Solomon/CRC/Header errors, and I notice improved performance. On the previous firmware I noticed that on upstream I would get quite a few errors upon sync; however, with this firmware it seems fine and shows 0.

Cisco 877, Tech

Port Forward on Cisco 877

January 3rd, 2009

Are you running a server, utorrent or some other application which requires a port to be forwarded back to your internal network?

It's very simple and easy to do on the Cisco 877.

Direct Forwarding

a) We have a webserver on port 80 and we wish to forward port 80 from outside back to internal

ip nat inside source static tcp 10.108.1.6 80 interface Dialer1 80

b) A torrent type port forward:

ip nat inside source static tcp 10.108.1.1 61437 interface Dialer1 61437

As we can see, we are basically opening external ports on the router and allowing each port to be routed back to our internal network on the specified IP address. (Remember to substitute your internal IP address above and the port you wish to use. You may also need to change the Dialer, either Dialer1 or Dialer0 depending on how your device is configured.)

Re-Direct Forwarding

In your internal network you may have 3 machines which all run RDP on port 3389. Now you cannot map 3389 three times; an external port can only be used once at a time.

So what you can do is set up a redirection so that the external port numbers are different but map to the same 3389 port number internally.

Example:

ip nat inside source static tcp 10.108.1.1 3389 interface Dialer1 4321

In this example, port 4321 is opened externally which maps back to the internal IP address on port 3389  (RDP)

ip nat inside source static tcp 10.108.1.10 3389 interface Dialer1 1832

Another example opening another external port to redirect to a different host inside the internal network for RDP

Another good example: you might be running an SSH server on your inside network on port 22, while externally you can configure it to be seen as port 6211.

ip nat inside source static tcp 10.108.1.10 22 interface Dialer1 6211

This is a good security practice, so that you do not get constantly probed by bots on port 22 trying to hack into your box with username/password combinations. The port change only cuts down that background noise; a full port scan still finds the service, so the SSH server itself still needs strong authentication.
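To review a list of forwards like the ones in this post, the script below parses the static NAT lines, reports any external port that is mapped twice (the "cannot map 3389 three times" rule), and lists the remote-admin services that are published regardless of the external port chosen. It is an added example, not part of the original post: the rule list is constructed from the post's commands (with the SSH rule on port 22) plus one deliberate duplicate, and the function names and service labels are this example's own.

```python
import re

# Constructed sample: the static NAT rules from the post plus one deliberate
# duplicate of external port 4321 (host 10.108.1.11 is made up).
RULES = """\
ip nat inside source static tcp 10.108.1.6 80 interface Dialer1 80
ip nat inside source static tcp 10.108.1.1 3389 interface Dialer1 4321
ip nat inside source static tcp 10.108.1.10 3389 interface Dialer1 1832
ip nat inside source static tcp 10.108.1.10 22 interface Dialer1 6211
ip nat inside source static tcp 10.108.1.11 3389 interface Dialer1 4321
"""

RULE_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
# Services worth tracking wherever they are published; labels are this example's own.
REMOTE_ADMIN = {22: "SSH", 23: "Telnet", 3389: "RDP"}

def parse_forwards(text):
    """Return one dict per static port forward found in the text."""
    forwards = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            forwards.append({"proto": proto, "inside": ip, "inside_port": int(in_port),
                             "iface": iface, "outside_port": int(out_port)})
    return forwards

def review(forwards):
    """Return (conflicts, exposed): reused outside ports and published admin services."""
    seen, conflicts, exposed = {}, [], []
    for f in forwards:
        key = (f["proto"], f["iface"], f["outside_port"])
        if key in seen:
            conflicts.append((key, seen[key]["inside"], f["inside"]))
        else:
            seen[key] = f
        service = REMOTE_ADMIN.get(f["inside_port"])
        if service:
            exposed.append((service, f["inside"], f["outside_port"]))
    return conflicts, exposed
```

The `exposed` list is the set of forwards to back with strong authentication or a source-address restriction, since the external port number does not change what is listening behind it.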

Cisco 877, Tech

Network Monitoring

November 8th, 2008

I started to learn a bit more about network monitoring tools and how to monitor the network. One of these tools is “WhatsUp Gold”, which can monitor uptime on devices, probe for interface bandwidth utilization and various other items. I have just begun using this software to monitor 300+ Cisco devices for uptime and bandwidth utilisation, and recommend it highly. One thing I like about it: you can set up maps of a town/city/state with dot points, and if a device goes down the dot shows red, and if it's up it's green, so you know exactly when/where it goes down.

See website below for more info.

http://www.whatsupgold.com

Whats Up Gold network monitoring

Ipswitch WhatsUp Gold is the world’s leading network management software with over 70,000 networks reliably managed worldwide. Built on a scalable and extensible architecture offering automated device discovery and network mapping, real-time SNMP and WMI monitoring, and versatile alerting, notification, and reporting functionality, WhatsUp Gold delivers 360° visibility, actionable intelligence, and complete control.

Now, if you have the $$$, another superb tool called CA eHealth offers far more in-depth monitoring. Compared to WhatsUp Gold it has deeper inspection inside the network, such as utilization, latency, uptime between interfaces, capacity planning, and other very detailed reports.

Apparently this tool costs enterprises around $500,000AUD to have it set up, which is why it is only used by the best of the best network operation centres to monitor large and complex networks.

For more info http://www.ca.com/us/network-performance.aspx

CA eHealth

Help ensure the network performance and availability of LANs, WANs, routers, switches and the technologies and the network services provided over them. CA eHealth® Network Performance Manager provides comprehensive, vendor-independent technology that enables you to pinpoint areas of network performance degradation and generate real-time management reports to identify the causes of problems.

Now you are probably wondering, what about some FREE monitoring tools?! I personally use Cacti, which is a fantastic monitoring tool for my home network, but it can be used for business/large enterprise also. The tool is open source and has an excellent support forum. It is a network graphing solution, and many examples of what can be monitored can be found on its website.

http://www.cacti.net/

Using Cacti to monitor WAN traffic on DDWRT firmware routers

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Tech