Tag Archives: Cisco lab

Terminal Server and the iMac

This weekend I decided to tidy the office up and move my small rack. If you follow the blog, then you know I have recently upgraded my PC to a 2008 iMac. This has caused me a few issues with the Apple hardware not being quite the same as PC hardware, however, most of these have been minor and easily fixed.

One issue that has vexed me more than most, was the keyboard. The keyboard is not a standard layout with standard keys; being Apple it has a few extra keys and some missing keys.

This raised its ugly head again when I fired up the rack to check it. This was the first time I’ve used it since getting the iMac. The rack roared into life (those fans can get loud) and I telnet into my main Ethernet switch and frame relay switches – so far so good.

Next I set up the terminal emulator (I’m using GtkTerm), connect to my USB to serial adapters and make sure I can communicate with the terminal server and my PIX box. Check – so far so good.

Once in the terminal server, I connect to my first router – all good but then I realize that I can’t back out, back to the terminal server. On a PC, you can use CTRL + ALT + 6, then X.

The Apple keyboard has no ALT key …

After a few minutes of messing about and trying things, I figured out that CTRL + OPTION + 6 then X works. Now I am back on track.

 


Mac OSX and Serial Communications

If you use a Mac and need to communicate with routers and switches, how do you set up serial communications on OSX?

I’ve been working on this issue for a little while now and have come to the conclusion that almost none of the Mac software for serial comms is worth a damn. I mean, it just doesn’t work!

What does work though, is the screen command. Here is what I did to get serial comms finally working. In my case I had some USB to serial converters that I connect to my blue roll over cable. Plug those into a USB hub or directly to your Mac, and then:

Open a terminal and navigate to /dev.
Have a look at the tty.* entries and find your serial converters.

Tonys-iMac:~ tony$ ls /dev/tty.*
/dev/tty.Bluetooth-Modem /dev/tty.usbserial-FTGNN8H1
/dev/tty.Bluetooth-PDA-Sync /dev/tty.usbserial-FTGRHGY7

The serial ports appear twice in fact, once as tty. and once as cu. :

tty.usbserial-FTGNN8H1
cu.usbserial-FTGNN8H1

I’m only interested in the tty version. Now that I have the serial port names, I can:

screen /dev/tty.usbserial-FTGNN8H1

Then I can open a second terminal window and issue:

screen /dev/tty.usbserial-FTGRHGY7

Lo and behold, I am talking to my Cisco boxes. No configuration required!


More Handy IOS Commands

I was reconfiguring my 2950, and wondered why I couldn’t delete a VLAN. There is a database of VLANs that resides on the flash drive, and is used to keep the VLAN configurations. If this file is not purged, the VLANs will not be deleted. So let’s take a look at some commands that allow us access to the Flash drive.

The show and directory commands

This was an odd one; you can issue a show flash: to see the content of the flash drive, but my version of IOS only covers the flash drive. To see the nvram, you need to issue a dir command.

sh flash: gives this output:

s2950#sh flash:
Directory of flash:
 2 -rwx 109 Mar 01 1993 00:01:46 +00:00 info
 3 -rwx 270 Jan 01 1970 00:01:48 +00:00 env_vars
 7 -rwx 3086328 Mar 01 1993 00:03:22 +00:00 c2950-i6q4l2-mz.121-22.EA2.bin
 8 drwx 3968 Mar 01 1993 00:03:52 +00:00 html
 341 -rwx 109 Mar 01 1993 00:04:20 +00:00 info.ver
 343 drwx 128 Mar 01 1993 00:00:12 +00:00 crashinfo
7741440 bytes total (3170304 bytes free)
s2950#

Whereas dir all-filesystems gives us this:

s2950#dir all-filesystems
Directory of flash:/
 2 -rwx 109 Mar 01 1993 00:01:46 +00:00 info
 3 -rwx 270 Jan 01 1970 00:01:48 +00:00 env_vars
 7 -rwx 3086328 Mar 01 1993 00:03:22 +00:00 c2950-i6q4l2-mz.121-22.EA2.bin
 8 drwx 3968 Mar 01 1993 00:03:52 +00:00 html
 341 -rwx 109 Mar 01 1993 00:04:20 +00:00 info.ver
 343 drwx 128 Mar 01 1993 00:00:12 +00:00 crashinfo
7741440 bytes total (3170304 bytes free)

Directory of nvram:/
 27 -rw- 3092 <no date> startup-config
 28 ---- 5 <no date> private-config
32768 bytes total (29619 bytes free)

Directory of system:/
 2 dr-x 0 <no date> memory
 1 -rw- 2938 <no date> running-config
No space information available

 

The more command

The more command is used to view text files and, other than the IOS image itself (which is compressed), most of the files appear to be text files.

The syntax is more [where]:[what]

For instance, more flash:text.dat will show you the contents of the file text.dat.

The erase command

Erase allows you to erase an entire drive; for instance, erase nvram: will erase all files stored on the nvram. This can be both very useful and very dangerous. I’ve used it for erasing configs, by just clearing the nvram completely, however the command erase startup-config also works in that specific case.

The delete Command

Delete uses the same syntax as the show command and allows the deletion of files on a file by file basis. For instance delete flash:config.old would delete the file config.old.

There are other file handling commands, this list is not exhaustive, however, I haven’t had a need to use them yet. When I do, I’ll be sure to write about it.

 


Cisco Hardware and IOS.

Let’s take a little time to check out the Cisco hardware and operating system IOS. One of the reasons I went with building my own small rack was so that I could be familiar with the quirks and foibles of the Cisco hardware and OS. While there is no problem with simulators and emulators, sometimes there is no substitute for having the gear right in front of you.

For example, one of the faults I recently had involved a power cable. That is the sort of troubleshooting that simulators really don’t do that well. And well, all those flashing LEDs are somehow magical!

And with that, let’s dive into the hardware.

The Boot Sequence

The first thing you are going to do with your new pieces of Cisco hardware is plug ’em in and turn ’em on! So what happens when you do that? There is a clear boot sequence that all Cisco routers and switches run and in many ways it is just like your own PC in terms of what it does, although some of the terms used may not be all that familiar.

This is the Cisco graphic for the boot sequence. The first thing your router or switch does is check itself – does everything work? This is called POST (Power On Self Test) and is run out of the ROM monitor code.

Once the POST passes, the bootstrap part of the ROM code goes and looks for the operating system.

The OS could be in one of two places; the Flash or an external TFTP server. Flash is ‘essentially’ the same as your PC hard drive; someplace to keep the OS. If the OS is not in Flash, the bootloader will look for any TFTP servers (Port 69, UDP) that might have the OS image. Once it finds an image, it will load that image in RAM. Things run faster, much faster from RAM.

If however there is no IOS image, the bootloader fails and drops back into ROM MON mode. This is the monitor code, run out of ROM (like the BIOS on a PC) and it can be used to load IOS, and do basic troubleshooting IF the OS doesn’t load. ROM MON is also the mode you drop into if you interrupt the IOS loading and can be used to wipe passwords and configurations from the system. This can be extremely useful if you ever buy used equipment!

Once the IOS loads into RAM, the IOS takes over and goes looking for the initial configuration file. It checks NVRAM and if there is no config file there, it will check to see if there is a TFTP server with a config file. NVRAM is like your C drive – it’s where you keep handy files, like config files. If a config isn’t found, it will drop into configuration mode, which is the mode it drops into when you power up a new machine, or wipe a used machine of its config.

So the beast lives, what now?

Let’s hook up your computer to the console port and see what’s going on in that box. To do this, you need a console cable.

Here is a handy picture of one. You see the problem right away don’t you? Chances are, if your computer, be it a laptop or desktop, is even remotely modern, it doesn’t have a serial port and that DB9 won’t plug into a USB port, so you will need a USB to serial cable. There are quite a few around and they are cheap.

Once you have that connected, you can hook in via terminal emulator. Now I am a Linux guy so you Windows folks are on your own here, but I’m guessing you will use HyperTerminal. Whatever you use and however you do it, you need to make sure your serial port settings are correct.

  • 9600 / 8 / N / 1 – for 9600 baud, 8 data bits, 1 stop bit, no parity.

Hit return a few times and lo and behold, you should see signs of life. Probably the config questions or if the box is used, some configuration with some crazy looking hostname and perhaps a password requirement. Time to hit Google up for instructions on how to wipe and reconfig.

Once you have an open router or switch, meaning you can get in and type commands, we should discuss modes. IOS has various modes of operation, designed to keep us from inadvertently messing with the config. Now I know that sounds counterintuitive because we intend to mess with the config as much as possible, but in a production environment, these are exactly the kind of safeguards you need.

User Exec Mode

  • Indicated by the > prompt
  • Very limited commands

Use of the command enable will get you into: (enable might be password protected depending on configuration)

Privilege Mode

  • Indicated by the # prompt
  • Allows all verification commands (like show)
  • Good for troubleshooting and verifying correct operation and configuration

Using the command configure terminal (or conf t) gets you into:

Global Configuration Mode

  • indicated by a (config)# prompt
  • from here, all other config modes are available
  • Changes can be made to configuration files

And remember kids, once you have written your new configuration (copy run start), try a reload command.

A few more things that might come in handy

The privilege and global config modes can be password protected to prevent unauthorized access.

enable secret will protect privilege mode
enable password will protect global configuration mode.

There are other ways of protecting your cisco hardware like adding logins to the console port and using SSH and telnet (with logins) but that will be discussed later.

When in any config mode, end will take you back to privilege mode

exit takes you back one mode

<ctrl> z backs you out from global config to privilege mode and writes your last command

<ctrl> c exits global config and does not apply the last command.

System lights

It took me a few weeks before I realized what the little mode button did on the front of the switches and I thought it worth highlighting simply for that reason. This may help with troubleshooting too.

The lights on the front of the switch have 4 modes:

  • Stat (default) – shows usage
  • Util – shows utilization
  • Duplex – shows full duplex
  • Speed – shows port speed.

Pressing the mode button will cycle you through these modes.

The system light should glow green for a good system. If it doesn’t glow green, it’s time to panic!

The RPS light should be off. It stands for Redundant Power Supply, so unless you have a redundant PSU, it’s not something you need to worry about.


Cisco Lab Terminal Router Configuration

Running a terminal router in your Cisco Lab is a good idea. It saves you time in switching between boxes, and frankly you might find these used in real life so a passing competence with them is a good idea. In my lab, I had a Cisco 2509 router which comes with one Ethernet port, two high speed serial ports and an 8 port asynchronous interface – for the famous Cisco octal cable.

So here is the configuration that I used. I have blanked out the passwords just for security’s sake.

tserver#sh run
 !
 version 12.0
 service timestamps debug uptime
 service timestamps log uptime
 service password-encryption
 !
 hostname tserver
 !
 !
 username tony privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxx
 clock timezone eastern -5
 ip subnet-zero
 no ip domain-lookup
 ip host r2620 2004 192.168.2.11
 ip host r2610 2003 192.168.2.11
 ip host s2950 2002 192.168.2.11
 ip host r1721 2001 192.168.2.11
 ip host s3550 2005 192.168.2.11
 ip domain-name pickett.com
 !
 !
 !
 !
 interface Ethernet0
 description Connection to home network
 ip address 192.168.2.11 255.255.255.0
 no ip directed-broadcast
 !
 interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
 !
 interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
 !
 ip default-gateway 192.168.2.1
 no ip http server
 ip classless
 !
 banner login ^C
 ****************************************************************
               No Unauthorized Access
            seriously, don't login here
 ****************************************************************
 ^C
 !
 line con 0
 exec-timeout 0 0
 logging synchronous
 login local
 transport input none
 line 1 8
 no exec
 exec-timeout 0 0
 transport input telnet
 line aux 0
 line vty 0 4
 exec-timeout 30 0
 logout-warning 120
 logging synchronous
 login local
 transport preferred telnet
 transport input telnet
 transport output telnet
 !
 end

But does it work?

Well it does appear to. I can login via the console line, I can also login via telnet. A couple of things worth pointing out:

line con 0
 exec-timeout 0 0     -- no timeout to close this login
 logging synchronous  -- prevents IOS output writing while the user is inputting text
 login local          -- requires a local login and password
 transport input none

You might also notice the exec-timeout 0 0 on the async line ports too. This means I don’t get logged off of my own routers and switches. Given that this is a home lab and not a production environment, I see no security issue with this.

tserver#sh line
 Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
 * 0 CTY - - - - - 6 1 0/0 -
 1 TTY 9600/9600 - - - - - 3 1 0/0 -
 2 TTY 9600/9600 - - - - - 1 27 0/0 -
 3 TTY 9600/9600 - - - - - 1 0 0/0 -
 4 TTY 9600/9600 - - - - - 1 0 0/0 -
 5 TTY 9600/9600 - - - - - 1 6 0/0 -
 6 TTY 9600/9600 - - - - - 0 0 0/0 -
 7 TTY 9600/9600 - - - - - 0 0 0/0 -
 8 TTY 9600/9600 - - - - - 0 0 0/0 -
 9 AUX 9600/9600 - - - - - 0 0 0/0 -
 * 10 VTY - - - - - 8 0 0/0 -
 11 VTY - - - - - 0 0 0/0 -
 12 VTY - - - - - 0 0 0/0 -
 13 VTY - - - - - 0 0 0/0 -
 14 VTY - - - - - 0 0 0/0 -

… and of course, actually calling up the connections and writing configs for the connected devices does indeed seem to work.
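Added example, not part of the original post: a small Python check that walks a `sh run` dump like the one above and lists, per line block, the settings that would need changing before a config like this left a lab: `exec-timeout 0 0`, Telnet accepted as an inbound transport, and type 7 user passwords. The sample is an excerpt of the config above; the function name and finding labels are invented for this example.

```python
import re

# Excerpt of the running-config above (password already blanked by the author).
SAMPLE_CONFIG = """\
service password-encryption
username tony privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxx
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
 transport input none
line 1 8
 no exec
 exec-timeout 0 0
 transport input telnet
line aux 0
line vty 0 4
 exec-timeout 30 0
 login local
 transport input telnet
!
end
"""

def audit_ios_config(text):
    """Return sorted (context, finding) pairs for settings worth reviewing."""
    findings = set()
    context = None  # current 'line ...' block; assumed to end at '!' or 'end'
    for raw in text.splitlines():
        line = raw.strip()  # tolerate pastes that lost their indentation
        if line.startswith("!") or line == "end":
            context = None
        elif line.startswith("line "):
            context = line
        elif re.match(r"username \S+ .*\bpassword 7 ", line):
            # Type 7 is reversible obfuscation, not a one-way hash.
            findings.add((line.split()[1], "type-7-password"))
        elif context and line == "exec-timeout 0 0":
            # 0 0 disables the idle timeout, so sessions never expire.
            findings.add((context, "no-idle-timeout"))
        elif context and line.startswith("transport input "):
            if {"telnet", "all"} & set(line.split()[2:]):
                # Telnet carries logins and session data in cleartext.
                findings.add((context, "cleartext-telnet-in"))
    return sorted(findings)

if __name__ == "__main__":
    for where, what in audit_ios_config(SAMPLE_CONFIG):
        print(f"{where:14} {what}")
```
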
