Archive for the ‘Tools’ Category

Netdisco - Ultimate Open Source Network Management Tool

April 16th, 2009

Well since I am working in all types of networky things, I really recommend “netdisco” for working on any big network projects which require big implementations or changes to the current network, and of course your normal day to day network support of devices.

At the moment I'm working on this quite large project to segment a huge /20 broadcast domain into 40 x /24 VLANed subnets. We need to know what sits on the big network and how we will transition every single device across to new IP addresses and what kind of impact that will have.

This is where netdisco comes in: I put all my devices into this tool (well, all the Cisco switches etc. which exist in my network, via SNMP + CDP) and I let the tool monitor the devices. So basically it monitors every port, what's plugged in to the switch, and what IP is connected to each port, MAC etc.

From this we can gather a database of what's currently present in the network and how we will transition it across to individual subnets. It is particularly useful if you wish to migrate printers & devices with static IPs, because it will tell you what switch they sit on, their current IP, and MAC address. This way, before starting your work to transition over, you can plan your DHCP server configuration, new IP reservations etc.

Another great thing about this tool as well is, it shows archived data for each port, so if something has been unplugged for 2 days, you can still find what has been connected to the port!

However it is also useful for your normal day to day support of your network switches/routers and knowing what exactly is connected to each port. So for example you want to know what 10.44.23.231 is in your network? No worries, this tool will find it for you, along with what switch it's connected to, the port and its MAC address!

You can operate Netdisco through a web browser, and the current features it offers are (as taken from the website www.netdisco.org):

  • MAC Address to switch port resolution.
  • IP Address to switch port resolution.
  • Find Switch Ports with multiple nodes attached
  • Find nodes using multiple IP addresses
  • Find nodes by vendor (using MAC address OUI)
  • View and Change VLAN assigned to port
  • SSID And Channel Information on wireless ports
  • Central location to disable/enable switch ports.
  • Navigation through a Web Interface. Maintenance through a Command Line Interface (CLI).
  • Database store for scalability and speed (Postgresql).
  • Easily extendible to new network device types and vendors.
  • Built-in user system to restrict access to sensitive data and features.
  • Administratively enable/disable switch ports from web interface with logging.
  • Automatic inventory and search of network hardware.
  • Duplex Mismatch Finder for uplink ports.
  • Find rogue Wireless Access Points (APs) from the wired-side of network.
  • Netdisco creates a clickable graph/map of your network topology.
  • Get statistics of the number of actual nodes connected to network and their address-space usage.
  • Find devices using IP Addresses without DNS entries

There is one thing with this tool: it is very tedious to set up and configure, and you can spend virtually days trying to get things right…

However I came across this website http://wokka.org/netdisco/ which has a VMware image of the tool, which you can download. It's already pre-setup, and you just follow a few of the instructions and it's all ready to go. The OS it runs under is FreeBSD, and netdisco was originally configured to run smoothly & securely on this OS.

If you wish to take netdisco to a production level in your environment you can set up a VMware ESX server and run the image. As a general rule, the thing to watch is the polling frequency versus how long it takes to poll all of your devices; polling every 10 minutes should be sufficient for about 50-150 devices.

However, if in your network you have 2000+ devices it is recommended to increase the polling time to 4 hours and let it run on a dual CPU, 4GB RAM, 15GB+ HDD space, since it will be processing a fairly large amount of SQL data etc.

For most users the VMware image should be sufficient to use, or you can set it up using the installation procedure on the official netdisco website (be warned, it's quite a long process!).

Tools

OID value to graph stats

April 16th, 2009

If you wish to perform any type of graphing in MRTG/Cacti on a network device to look at the SNR, attenuation, downstream speed, errors, packets etc., they all would be stored in an OID number.

For example I have a new router with SNMP enabled and I wish to graph the downstream SNR (Signal to Noise) margin over a set period of time in Cacti. How would I accomplish this without having any specific templates or knowledge about my router? Well, there is a tool out there called “GetIf”, and what this tool does is allow you to probe your network device and scan for all the OID values of the modem.

So for example in my below screenshot I have just scanned my router for values and I got a report, and then I looked through the values it found and then I tried locating the SNR value and what was matching to the modem.

In the program “GetIf” the mbrowser tab is used to scan for OID values. As in my case I have managed to find the downstream SNR OID value as .1.3.6.1.2.1.10.94.1.1.3.1.4.4, and this OID number we can then use on our cacti/mrtg template to graph this over time.

However this is not the only thing the program can do.

“GetIf is much more than an SNMP browser however, with the ability to graph OID values over time, display the device’s interface information, routing and ARP tables, as well as do basic port scans, Traceroutes, NSLookups, and IP Scans”

For more info please visit the website: http://www.wtcs.org/snmp4tpc/getif.htm

Tools

Upgrading Alcatel DSL Firmware on Cisco 877

December 27th, 2008

Brief Overview

The Cisco 877 comes with the default Alcatel firmware loaded, AMR-3.0.014.bin. I decided to upgrade this to the latest one, AMR-4.0.015.bin. There are quite a few improvements in this firmware, mainly to do with stability and DSLAM compatibility. Since I had c870-advsecurityk9-mz.124-22.T IOS installed the firmware update worked but I could get no sync; the CD light kept flashing constantly. I think they are looking at creating a later version of the firmware to work with the -22T IOS.

In order to get the new firmware (AMR-4.0.015.bin) fully working I had to downgrade the IOS to c870-advsecurityk9-mz.124-20. After this occurred everything worked perfectly.

Previously by default if you issued “show dsl int” it would read:

Init FW: init_AMR-3.0.014_no_bist.bin
Operation FW: AMR-3.0.014.bin
FW Source: embedded
FW Version: 3.0.14

Now after the firmware upgrade it read:

Init FW:         init_AMR-4.0.015.bin
Operation FW:    AMR-4.0.015.bin
FW Source:       external
FW Version:      4.0.15

The Process

To upgrade the firmware I downloaded the latest adsl_alc_20190.bin.4.0.15; next I set up my TFTP server.
The file needed to be renamed so the ADSL modem can pick up the new firmware. So I renamed the file to “adsl_alc_20190.bin”.

This file had to be placed on the tftp server so I could perform the upgrade. The following commands were issued as an example:

cisco877#copy tftp flash
Address or name of remote host []? 10.108.1.16
Source filename []? adsl_alc_20190.bin
Destination filename [adsl_alc_20190.bin]?
Accessing tftp://10.108.1.16/adsl_alc_20190.bin…
Loading adsl_alc_20190.bin from 10.108.1.16 (via Vlan1): !!!!
[OK - 996472 bytes]

996472 bytes copied in 9.176 secs (108595 bytes/sec)

I issued the “dir flash:\” command to make sure it was present:

cisco877#dir
Directory of flash:/

2  -rwx    18275844  Dec 27 2008 16:42:44 +10:30  c870-advsecurityk9-mz.124n
3  -rwx        3179   Mar 1 2002 10:34:39 +10:30  sdmconfig-8xx.cfg
4  -rwx      931840   Mar 1 2002 10:34:59 +10:30  es.tar
5  -rwx     1505280   Mar 1 2002 10:35:27 +10:30  common.tar
6  -rwx        1038   Mar 1 2002 10:35:44 +10:30  home.shtml
7  -rwx      112640   Mar 1 2002 10:35:58 +10:30  home.tar
8  -rwx      996472  Dec 27 2008 16:43:47 +10:30  adsl_alc_20190.bin

23482368 bytes total (1648640 bytes free)

After this was complete, the command “reload” was issued so the router could reboot and pick up the new firmware.

cisco877#reload
Proceed with reload? [confirm] yes

Note: If I issued “delete flash:\adsl_alc_20190.bin” the firmware would be removed and the default one would be loaded from within the IOS “AMR-3.0.014.bin”. So there is nothing you can really do to screw up the upgrade if something goes wrong, simply just delete the file from the flash.

Issues discovered

I needed to rollback to c870-advsecurityk9-mz.124-20.T for the firmware to work, and I had c870-advsecurityk9-mz.124-22.T installed. So what I did was just issue the command

cisco877#delete flash:/c870-advsecurityk9-mz.124-22.T.bin
Delete filename [c870-advsecurityk9-mz.124-22.T.bin]?
Delete flash:/c870-advsecurityk9-mz.124-22.T.bin? [confirm]

After this I then tried copying the -20.T IOS via FTP however this kept constantly failing, and I had no idea why with the following error:

cisco877#copy tftp flash
Address or name of remote host []? 10.108.1.16
Source filename []? c870-advsecurityk9-mz.124-20.T.bin
Destination filename [c870-advsecurityk9-mz.124-20.T.bin]?
Accessing tftp://10.108.1.16/c870-advsecurityk9-mz.124-20.T.bin…
Loading c870-advsecurityk9-mz.124-20.T.bin from 10.108.1.16 (via Vlan1): !!!!!!]

%Error reading tftp://10.108.1.16/c870-advsecurityk9-mz.124-20.T.bin (Connectio)

I was now thinking, what am I going to do now without the ability to copy this IOS via TFTP? So I did a bit more research and found you can also copy the IOS image via FTP. So then I set up an FTP server with anonymous login and attempted again.

cisco877#copy ftp://10.108.1.10/c870-advsecurityk9-mz.124-20.T.bin flash
Destination filename [c870-advsecurityk9-mz.124-20.T.bin]?
Accessing ftp://10.108.1.10/c870-advsecurityk9-mz.124-20.T.bin…
Loading c870-advsecurityk9-mz.124-20.T.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 18275844/4096 bytes]

18275844 bytes copied in 220.164 secs (83010 bytes/sec)

And YESS! The copy worked perfectly and IOS loaded just fine, no idea why TFTP didn't like the file :(

So if you are in the same scenario ever like this, simply use FTP instead of TFTP to copy an IOS.

A Tip

Remember previously how you had to issue the command “service internal” to configure noise margin settings… well, that is no longer the case with this new firmware! Now it is available by default in the atm0 interface mode, and there are a few other settings you can adjust as well.

cisco877(config-if)#dsl ?
bitswap              Bitswap Feature
enable-training-log  enable the fw training log for Showtime and failure  cases
gain-setting         ADSL programmable gain setting
lom                  Loss Of Margin watch counter for line retrain
max-tone-bits        set maximum bits per tone limit
noise-margin         set noise margin offset
operating-mode       auto or specific ADSL mode
power-cutback        Noise Threshold for Power CutBack
sync                 ADSL sync preferences

If you decide to take this upgrade path, let me know how you go and if you have any comments or further tips to add to this :)

Cisco 877, Tools

Cisco 877 SNR Adjustment for Stability

December 27th, 2008

I managed to find out a secret setting within the 877 to fine tune the SNR margin if you are having stability issues maintaining ADSL line sync.

Go into global configuration mode and type the following:
service internal
int atm 0
dsl noise-margin (a value between -3 and 3)

The service internal command exposes the dsl noise-margin command (and other hidden/non-standard commands). The dsl noise-margin command forces the router to train at a higher noise margin (sacrificing speed for stability). Setting this to 3, for example, should see you get a higher noise margin, slower speed and (depending on firmware) a higher attenuation.
Start at 3 and work your way down to 0 in 0.5 steps until you get a stable connection. A value of 0 is the same as not having this command at all (eg: normal settings).
If you add a dsl noise-margin command, after a reload you’ll see “WARNING: Unsupported Command. May cause violation to ADSL standards.” on bootup, ignore it, it’s just the addition of the noise-margin command.
Use the dsl noise-margin command to fine tune your connection to get that extra stability if required.

Cisco 877, Tools

Cisco 877 Cacti Template

December 25th, 2008

I've managed to develop a Cisco 877 Cacti Template, feel free to test and report back any issues. Works with the latest 877 IOS (C870-ADVSECURITYK9-M), Version 12.4(22)T and Cacti 0.8.7b.

Download: Cacti 877 Template

Cisco 877, Tools

Cisco 877 & Billion 7402R2M SNMP OIDs

December 25th, 2008

Did you ever want to use the power of SNMP to create graphs with Cacti, MRTG etc? I’ll make your life a bit easier by posting the OIDs used by Cisco 877 & Billion 7402R2M modems to get line speed, SNR, attenuation etc.

Cisco 877 SNMP OIDs (these work with the latest IOS image (C870-ADVSECURITYK9-M), Version 12.4(22)T)

.1.3.6.1.2.1.10.94.1.1.3.1.8.12 = line speed out
.1.3.6.1.2.1.10.94.1.1.2.1.8.12 = line speed in
.1.3.6.1.2.1.10.94.1.1.3.1.7.12 = output power out
.1.3.6.1.2.1.10.94.1.1.2.1.7.12 = output power in
.1.3.6.1.2.1.10.94.1.1.3.1.5.12 = attenuation down
.1.3.6.1.2.1.10.94.1.1.2.1.5.12 = attenuation up
.1.3.6.1.2.1.10.94.1.1.3.1.4.12 = SNR down
.1.3.6.1.2.1.10.94.1.1.2.1.4.12 = SNR up

Billion 7402R2M SNMP OIDS (These work with the latest firmware 5.60c)

.1.3.6.1.2.1.10.94.1.1.2.1.5.3 = downstream attenuation
.1.3.6.1.2.1.10.94.1.1.3.1.5.3 = upstream attenuation
.1.3.6.1.2.1.10.94.1.1.2.1.4.3 = downstream SNR
.1.3.6.1.2.1.10.94.1.1.3.1.4.3 = upstream SNR
.1.3.6.1.2.1.10.94.1.1.4.1.2.3 = line speed downstream
.1.3.6.1.2.1.10.94.1.1.5.1.2.3 = line speed upstream
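The OIDs in both lists are cells of the standard ADSL-LINE-MIB (RFC 2662), so they can be decoded into an object name and interface index before being pasted into a Cacti/MRTG template. The decoder below is an added example, not part of the original post; the object names and the tenth-of-a-dB scaling come from the MIB, and the raw value in the usage is constructed.

```python
# Added example: decode ADSL-LINE-MIB (RFC 2662) table cells such as the
# OIDs listed above. Layout: <prefix>.<table>.1.<column>.<ifIndex>
ADSL_PREFIX = (1, 3, 6, 1, 2, 1, 10, 94, 1, 1)  # adslMibObjects

# column -> (object name suffix, unit, divisor applied to the raw value)
PHYS = {4: ("CurrSnrMgn", "dB", 10),        # SNR margin, tenths of a dB
        5: ("CurrAtn", "dB", 10),           # attenuation, tenths of a dB
        7: ("CurrOutputPwr", "dBm", 10),    # output power, tenths of a dBm
        8: ("CurrAttainableRate", "bps", 1)}
CHAN = {2: ("ChanCurrTxRate", "bps", 1)}

TABLES = {2: ("adslAtuc", PHYS),  # ATU-C: exchange (DSLAM) end of the line
          3: ("adslAtur", PHYS),  # ATU-R: customer modem end of the line
          4: ("adslAtuc", CHAN),
          5: ("adslAtur", CHAN)}


def decode_oid(oid):
    """Return (object_name, if_index, unit, divisor) for a numeric OID."""
    parts = tuple(int(p) for p in oid.strip().lstrip(".").split("."))
    n = len(ADSL_PREFIX)
    if parts[:n] != ADSL_PREFIX or len(parts) != n + 4:
        raise ValueError(f"not an ADSL-LINE-MIB table cell: {oid}")
    table, entry, column, if_index = parts[n:]
    if entry != 1 or table not in TABLES or column not in TABLES[table][1]:
        raise ValueError(f"table/column not covered by this decoder: {oid}")
    prefix, columns = TABLES[table]
    suffix, unit, divisor = columns[column]
    return prefix + suffix, if_index, unit, divisor


def scale(oid, raw):
    """Convert a raw SNMP integer into (object_name, if_index, value, unit)."""
    name, if_index, unit, divisor = decode_oid(oid)
    return name, if_index, raw / divisor, unit


if __name__ == "__main__":
    # 125 is a constructed raw reading, not a value from the post.
    print(scale(".1.3.6.1.2.1.10.94.1.1.3.1.4.12", 125))
```

The last arc of each OID is the ifIndex of the ADSL interface, which is why it differs between the two modems and has to be checked per device.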

Cisco 877, Tools

SNMPget & SNMPwalk

November 19th, 2008

Let's say in your network you have a lot of routers/switches and when you perform a traceroute you don't know what the hostname of each device is, or for example you need to know more information on the device, what IOS/firmware it's running, and what IP addresses are assigned.

For example I need to know what 192.168.1.1 is in my network, and say I have SNMP enabled on my devices, we can use a mix of SNMPget and SNMPwalk to find more details. Now this can only be performed on Linux, so in this case I am using Ubuntu.

root@ubuntu:~# snmpget -v 2c -c public 192.168.1.1 sysName.0
SNMPv2-MIB::sysName.0 = STRING: dd-wrt

sysName.0 shows the device name

root@ubuntu:~# snmpget -v 2c -c public 192.168.1.1 sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux DD-WRT 2.4.35 #2005 Tue May 20 01:17:43 CEST 2008 mips

sysDescr.0 shows the firmware used on device and version

root@ubuntu:~# snmpwalk -c public -v1 192.168.1.1 ipaddr
IP-MIB::ipAdEntAddr.192.168.1.1 = IpAddress: 192.168.1.1
IP-MIB::ipAdEntAddr.200.100.1.1 = IpAddress: 200.100.1.1
IP-MIB::ipAdEntAddr.127.0.0.1 = IpAddress: 127.0.0.1
IP-MIB::ipAdEntAddr.169.254.255.1 = IpAddress: 169.254.255.1
IP-MIB::ipAdEntIfIndex.192.168.1.1 = INTEGER: 7
IP-MIB::ipAdEntIfIndex.200.100.1.1 = INTEGER: 77
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntIfIndex.169.254.255.1 = INTEGER: 7
IP-MIB::ipAdEntNetMask.192.168.1.1 = IpAddress: 255.255.255.0
IP-MIB::ipAdEntNetMask.200.100.1.1 = IpAddress: 255.255.255.255
IP-MIB::ipAdEntNetMask.127.0.0.1 = IpAddress: 255.0.0.0
IP-MIB::ipAdEntNetMask.169.254.255.1 = IpAddress: 255.255.0.0
IP-MIB::ipAdEntBcastAddr.192.168.1.1 = INTEGER: 1
IP-MIB::ipAdEntBcastAddr.200.100.1.1 = INTEGER: 1
IP-MIB::ipAdEntBcastAddr.127.0.0.1 = INTEGER: 1
IP-MIB::ipAdEntBcastAddr.169.254.255.1 = INTEGER: 1

snmpwalk shows what ip addresses are on that device

  • Note in all the above cases the device has to have SNMP enabled. In corporate networks I would suggest enabling this feature, however with a read-only SNMP string other than public due to security implications. Also it is important to know there are 3 SNMP versions (v1, v2, v3), so you can set it up depending on what the device supports. v2 of SNMP is quite common on many devices.
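One way to check the community-string advice above across saved device configurations, as an added example that is not part of the original post. It assumes Cisco IOS style `snmp-server community` lines, uses a constructed sample config, and goes slightly beyond the note by also flagging read-write strings and strings with no access list.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings

# Constructed sample running-config (hypothetical values, not from the post).
SAMPLE_CONFIG = """\
hostname cisco877
snmp-server community public RO
snmp-server community n0c-r3ad0nly RO 10
snmp-server community backup-tool RW
snmp-server location rack 4
"""


def audit_snmp_communities(config_text):
    """Return [(community, [findings])] for every community line found."""
    results = []
    for line in config_text.splitlines():
        m = re.match(r"\s*snmp-server community (\S+)(.*)$", line)
        if not m:
            continue
        community, rest = m.group(1), m.group(2).split()
        access, acl, i = "ro", None, 0      # IOS grants read-only by default
        while i < len(rest):
            tok = rest[i].lower()
            if tok == "view" and i + 1 < len(rest):
                i += 1                      # skip the view name
            elif tok in ("ro", "rw"):
                access = tok
            else:
                acl = rest[i]               # trailing ACL number or name
            i += 1
        findings = []
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append("default community string")
        if access == "rw":
            findings.append("read-write access")
        if acl is None:
            findings.append("no access list restricting pollers")
        results.append((community, findings))
    return results


if __name__ == "__main__":
    for community, findings in audit_snmp_communities(SAMPLE_CONFIG):
        print(community, "->", findings or ["ok"])
```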

If you wish to know more information on the above utilities visit the websites below:

SNMP Walk:
http://net-snmp.sourceforge.net/docs/man/snmpwalk.html

SNMP Get:
http://net-snmp.sourceforge.net/docs/man/snmpget.html

General SNMP Info:
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Tools