Router101

A colleague of mine passed this along to me recently. It is an old trick for breaking into a router. Of course you only should do this as a last resort, you know like when users are down, equipment has failed, executives are swarming, job is on the line, etc.

Here are the console session settings:

• 1200 baud rate
• No parity
• 8 data bits
• 1 stop bit
• No flow control

You no longer see any output on your screen and this is normal.  Power cycle (switch off and then on) the router and press the SPACEBAR for 10-15 seconds in order to generate a signal similar to the break sequence. Disconnect your terminal, and reconnect with a 9600 baud rate. You enter the ROM Monitor mode.

That’s it. This was used and verified recently on a AS5300 series router.

I have begun using a term to describe a co-workers primary job duty and of course something all Network Engineers have to do. It is called Network Archaeology.

Definition:  the systematic study of former Network Engineer’s job duties and responsibilites by the examination of current network architecture, physical connections, and configurations

Yay! I invented a new job description!

We all (network people that is) have to do the dreaded show tech-support command sometimes and blast it over to Cisco to analyze. So the question is, is there a way to just get this output to your tftp server? Well, yes there is! You don’t have to log the session you are on and capture the info to a file and go through all those extra steps. As long as you have a tftp server handy on your network run the following command…

show tech-support | redirect tftp://10.0.0.1/techsupport.txt

In fact, you can do this for a lot of show commands. Of course, it will depend on the IOS version you run but if you are fairly current (last 2 or 3 years) you should be okay.

I had a requirement at my company to make a certain public network segment non-public. This network segment was needed for some special equipment in a lab overseas. So, not wanting to route this through our OSPF structure across MPLS and keeping the network local only, I had to come up with a simple config on short notice.

I created my deny access-list (ACL) for the two networks first:

access-list 30 deny   128.0.1.0 0.0.0.255
access-list 30 deny   128.0.2.0 0.0.0.255
access-list 30 permit any

I add the ACL to my OSPF routing table. 

router ospf 1
 distribute-list 30 out

Now the rest of my network doesn’t see it and all is well! 

(The network used above was example only and not the actual network segment I used!)

It can be quite a challenge finding serial #’s on Cisco Equipment. There is no single way that I’ve found to do this. However, there are things you should try before traveling or calling to that remote office to have it verified.It is important to remember that not all commands will work. Some will show different data on the same device. Some will show exactly the same data on the same device. Here are some commands to try.

I got to thinking recently about PING. Yeah, I must be a little nuts to actually think about ping. Anywho, I figured I would write about the history of ping, you know the most useful tool in a Network Engineer’s arsenal.

Ping was written in 1983 by a dude named Mike Muss. He named it after the sound a sonar makes. Why? Well it had to do with the whole echo idea of what ping is all about. You know, ICMP echos? Anyone? Anyway, the reason he wrote the code was to try to figure out some odd behavior on a network. I mean isn’t that just the coolest thing.? That’s why everybody and their brother in IT uses it today!  Now, ping really didn’t stand for anything, no acronyms and such. However, you know IT guys love their acronyms so some other dude said PING stands for Packet InterNet Groper. Huh? Wha?

So, what is ping? It is a tool that tests connectivity as well as latency on a network link. It works by sending ICMP packets to the target host. Basically, one side sends a ICMP echo request and then it listens for ICMP echo responses. What is ICMP?  It stands for Internet Control Message Protocol. It is part of the Internet Protocol Suite, otherwise known as IP. See RFC 792. ICMP’s main purpose was to respond to errors for IP datagrams. Later, with the development of ping, ICMP was also used for network diagnostics. Often Ping and ICMP are used interchangeably. You know like Clorox and Bleach; Xerox and Copies; Kleenex and Tissues? However, Ping is essentially the tool and ICMP is the protocol that Ping uses.

 In conclusion, I would like to say Thank You to Mike Muss for writing this wonderful useful tool named PING! When I’m at work, Ping is my best friend.

 Sample output for a ping from a Windows system…

C:\>ping yahoo.com

Pinging yahoo.com [206.190.60.37] with 32 bytes of data:

Reply from 206.190.60.37: bytes=32 time=44ms TTL=40
Reply from 206.190.60.37: bytes=32 time=43ms TTL=40
Reply from 206.190.60.37: bytes=32 time=42ms TTL=40
Reply from 206.190.60.37: bytes=32 time=43ms TTL=40

Ping statistics for 206.190.60.37:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 44ms, Average = 43ms

So you need to make a change on a Cisco IOS device at a remote site and it could potentially create a problem on the device.  You need to return to the startup-config if the change doesn’t work. What is a Network Engineer to do? Cry? NO! Call remote hands and eyes? Maybe. Look for another job? No way!  Use the reload in x command. What’s that you say?  I call it a Network Engineer safety net.

So here’s the deal. Before you make any changes, make sure startup and running configs are the same. Next, type reload in x (whereas x equals the value in minutes it will take to reload the router).  Next, make your config change. Now, if your change fails (say you are changing the link speed and/or duplex and all goes to heck), in x minutes the device will restart and you are back in business.  If your change works, type reload cancel. Simple as that. Now you don’t have to whimper, call remote support, or look for a job. Cool deal. 

So, it has been awhile since I’ve actually put some technical stuff out on my blog. Well, I interviewed a guy today and he was asked about HSRP. Essentially he was asked…what can you tell me about HSRP? The guy didn’t know. So this is for you, Mr. Interview Guy. It’s something that you need to know when you interview for a Network Engineer position where the IT shop is mostly Cisco.

HSRP stands for Hot Standby Router Protocol. However, it is not hot nor is it a routing protocol. It is used for standby though. It’s not hot because, I just don’t consider technical stuff hot. It’s also not a routing protocol as it doesn’t advertise routes. So who the heck came up with the name? Some geeky router guy at Cisco back in the day I guess.

Now for the technical stuff. HSRP is a redundancy based protocol (the standby part) and is essential when designing highly available networks. (HA for guys in the trenches like me.) The design typically includes two routers (and can be more) and provides for a redundant default gateway. An interface is usually built on each router, each interface gets its own IP Address, and each interface also has a standby IP address in that same subnet defined. That standby is the same on each router. That standby IP address is the default gateway used by devices that are members of the network on that interface.  Multicast traffic is the method that keeps the two interfaces checking on each other and if one member goes away, the other member picks up the slack. Because you have more than one interface, one interface in the group has to be assigned priority and that’s the interface most traffic will use until there is a reason to failover to the other.  The standards based version is called VRRP (virtual router redundancy protocol). VRRP and HSRP do not like each other so you have to choose one or the other. Obviously if you don’t have Cisco, you will be using VRRP.

A config may look like this

Router Hot

Interface FastEthernet 0/0
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.1
standby 1 preempt
standby 1 priority 150

Router Not

Interface FastEthernet 0/0
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.1
standby 1 preempt
standby 1 priority 100

 Hope that helps Mr. Interview Guy!

A friend of mine sent me this link (thanks Mark).  Go to http://www.doxpara.com . The guy who runs this site most recently led the industry wide and possibly largest multi-vendor patch initiative since Y2K. Essentially a vulnerability was found in the Domain Name System (DNS) which could leave hackers to impersonate just about any website out there. His site also has a DNS tool so you can test to see if your ISP’s DNS is updated.

Here are the commands I use most when taking a look at routers…..

1. show running-config - when you need to see what the current config the router is running
2. show version - when you need to see IOS version, uptime, Flash size, Memory Size, and other useful details
3. show interface - when you need to see the status of the interfaces on the router; useful for troubleshooting as it tells you is interface is up or down, input and output errors, last time counters were cleared, interface speed and duplex, etc.
4. show ip route - routing table!
5. show arp - MAC addresses and IP addresses
6. show tech-support - when you need to see everything important (be sure to log your session to a file); always send a copy when opening a TAC case, they will like you better if you do so
7. show vlan - shows you all the vlans in your vlan database as well as ports assigned to them
8. show ip interface brief - when you need to see the connection status of a lot of interfaces at once (also shows the IP)
9. show flash - to see what files (actual IOS bin file) are in flash; also shows space available
10. show access-lists - when you want a summary of the ACLs you have configured
11. show cdp neighbor - let’s see what other Cisco gear is connected to me (cdp has to be enabled on connected devices)
12. show log - let’s look at the log files; helpful when troubleshooting of course
13. show clock - What time is it?
14. show users - who is connected to this device? good to use before writing configs to memory