Wednesday, 15 October 2014

Enterasys x Cisco IOS cheatsheet

Yeah, now that I collected them, a lot look kinda silly to list. Whatever... :)


    show neighbors                               ->  show cdp neighbors
    show neighbors -verbose                      ->  show cdp neighbors detail
    show running                                 ->  show running-config excluding L2 info
    show config                                  ->  show running-config
    show mac                                     ->  show mac address-table
    show arp                                     ->  show ip arp
    show ip ospf *                               ->  several show ip ospf commands
    show ip route                                ->  show ip route
    show port status                             ->  show int status
    show port egress                             ->  show int trunk
    sh port lacp port *.*.* status sum sort lag  ->  show etherchannel summary
    show lacp                                    ->  show etherchannel
    show vlan                                    ->  show vlan
    show port vlan                               ->  shows access vlans
    show port alias                              ->  shows interface descriptions
    show ip address                              ->  show SVIs, loopbacks and L3 interfaces info
    show ip vrrp                                 ->  shows FHRP info
    show logging buffer                          ->  shows log messages
    | include                                    ->  |find (no spaces between | and find)



If I find more interesting ones I will update this post.

Wednesday, 8 October 2014

Native Wireshark interface on OSX! Finally!

Cool news,

The Wireshark devs released a new 1.99 dev release with native OSX UI support.

No more X11 glitches!

Go and download: https://www.wireshark.org/download.html


Wednesday, 17 September 2014

Narbik's CCIE R&S v5 Official Cert Guide, volume 1

CiscoPress released last month the updated CCIE R&S Official Cert Guide, for the v5 blueprint. After two lab attempts, I thought it would be a good idea to refresh on reading a bit and give it a cold start.

I am still reading the EIGRP chapter and boy, the book is great. The previous v4 book (not written by Narbik) was, in my opinion, a large topic list, as if the author simply decided to peruse the old blueprint and write a few paragraphs about each topic.

In this book Narbik (and co-author Peter Paluch) decided to take a different turn and give readers the inner workings of the topics. Was it exhaustively explained in other books (CCNP and so)? Yes. But not the same way and not the same depth. It sincerely feels like the authors know that for example, EIGRP's FD is very commonly misunderstood. And they go down the guts to make it clear. It is very refreshing (and I admit I misunderstood FD). The text is dense sometimes, but it is welcome.

Only the first volume has been released as of writing this post. It is a great book for any R&S professional. As I always like to say, the key to study for certifications is studying only the necessary, so if you are studying for CCNA/CCNP, just don't go that deep yet, keep it simpler while you can. But if you already work with it, the information in this book is highly useful.

Wednesday, 6 August 2014

Network Tools and Friends, or, what I have installed on my Work laptop.

These are the network tools I find useful to have installed in my Work laptop.

I always miss having a checklist when I decide to fire up a new VM/laptop, so here it is.

The tools below are my personal choice. They're not all Network Tools per se, but you cannot do any proper work without them, so I included them anyway.

Most of these have equivalent/superior GNU/Linux variants. Except for fucking diagrams where nothing is really useful. No, Dia is not good enough, until it can edit Visio XML at the very least.

Most Linux tools are available on OS X via MacPorts. I understand the old cygwin can provide a framework to install the same tools on Windows, and maybe a lot of them have directly ported text Windows versions. In my book, you only need them if all you have available is Windows. Windows is the last option for me, when all others are not available.

My current work laptop is a Mac. I run VMWare Fusion with Outlook and Visio in it. Simply because Outlook for Mac is horrible and there are many really big visio files that corrupt once converted to OmniGraffle format and I cannot get them back to Visio XML. MS you are a motherfucker.

I used to have a large Linux tools library, but it's been like 3 years since I last used GNU/Linux as a desktop, so I forgot most of them.

I do not support nor use pirated software. That's my life, if you think otherwise, save yourself time and don't bother discussing it with me. It's a dead end.

* Marked OS Neutral items aren't available for Linux, unfortunately.

OS neutral
Wireshark
SecureCRT / PuTTY / KiTTY
GNS3 / IOU
Filezilla
Evernote
Firefox / Chrome
Dropbox
Adobe Reader
VirtualBox
Java
TeamViewer
Gimp
MS Office* (Sorry, no LibreOffice in my list)
1Password* with Dropbox sync
tor (basically to test a random incoming connection from somewhere in the Internet)
iperf / jperf

Windows
tftpd32 by Philippe JOUNIN
Notepad++
MS Visio
VMWare Workstation
Meld
cygwin (just because)

OS X
MacPorts
OmniGraffle
TextEdit/SublimeText2
iTerm2
Cyberduck
Dig interface by EmbeddedSoft.ca
VMWare Fusion
Kaleidoscope
TftpServer
WifiExplorer


Linux
GEdit / VIm
lftp
irssi
Dia (I really hate it)
screen / tmux (tmux is cool, I can log sessions way easily with it)
iftop
tshark
tcpdump
tftpd (any variant will do, whatever the distro offers)
ftpd (generally vsftpd, but same rule as above)
syslog-ng or any variant that allows incoming udp syslog messages
nc (netcat)
watch
smokeping / fping / hping / arping
ettercap


Sunday, 20 July 2014

OSX Mavericks, GNS3 and IOU VM working together!

I won't get into many details, this is mostly an annotation in case I need to do it again in the future.

This setup is using OSX Mavericks, GNS3 latest stable (aye, not the prerelease, it is not relevant yet), VMWare Fusion and the iou-web CentOS VM.

(btw, this blog is no helpline. Do not try to contact me to ask me how I did it. Study my steps and search the Internet, this is more than enough help)

Part 1 - GNS3

  • OSX Mavericks - Install tuntap opensource driver.
  • GNS3 - run the binary as root. No help running 'sudo /Applications/GNS3.app', you need to run the GNS3 binary inside the app.
  • Create the topology inside GNS3, insert a cloud, insert a NIO TAP with full device path, ie, /dev/tap0.
  • After you connect that cloud port to a GNS3 device (I suppose you will connect it to a GNS3 switch, but whatever), the GNS3 will try to spawn the /dev/tap0, hence the root privileges. 
  • Check via ifconfig if the port exists. If it exists, create a new bridge interface and add it and whatever interface you want to the bridge.

    sudo ifconfig bridge1 create
    sudo ifconfig bridge1 up addm tap0 addm en0 addm vmnet3

Notice that if your GNS3 session is lost, you have to rebind the tap0 NIC to the bridge, since GNS3 will destroy the tap0 with it.

  • Now, a good test is in order. Fire up a GNS3 device connected to the cloud, put it in DHCP client mode, let it get an IP address. Ping the VMWare hypervisor, knock yourself out. First part is done.
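The rebind step mentioned above can be scripted so that only the missing members are re-added after GNS3 restarts. This is an added example, not part of the original post: bridge1, tap0, en0 and vmnet3 come from the commands above, the function names are hypothetical, and the sample text is a constructed stand-in for the "member:" lines that macOS ifconfig prints for a bridge.

```shell
#!/bin/sh
# Added example: re-attach tap0 (and friends) to bridge1 after GNS3 restarts.
# Interface names are the ones used in the post; function names are made up here.
BRIDGE=bridge1
MEMBERS="tap0 en0 vmnet3"

# Return 0 if interface $1 currently exists on this host.
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# Read `ifconfig <bridge>` output on stdin; return 0 if $1 is listed as a member.
# macOS prints one line per member, e.g. "member: en0 flags=3<LEARNING,DISCOVER>".
bridge_has_member() {
    awk -v m="$1" '$1 == "member:" && $2 == m { found = 1 } END { exit !found }'
}

# Read `ifconfig <bridge>` output on stdin; print each wanted member that is missing.
missing_members() {
    out=$(cat)
    for m in "$@"; do
        printf '%s\n' "$out" | bridge_has_member "$m" || printf '%s\n' "$m"
    done
}

# Create the bridge if needed, then add only the members that are not attached.
rebind_bridge() {
    iface_exists "$BRIDGE" || sudo ifconfig "$BRIDGE" create || return 1
    for m in $(ifconfig "$BRIDGE" | missing_members $MEMBERS); do
        if iface_exists "$m"; then
            sudo ifconfig "$BRIDGE" addm "$m" && echo "added $m to $BRIDGE"
        else
            echo "skip $m: interface not present (is GNS3 running?)" >&2
        fi
    done
    sudo ifconfig "$BRIDGE" up
}

# Constructed sample: bridge1 after GNS3 exited and took tap0 with it.
SAMPLE_AFTER_CRASH='bridge1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    member: en0 flags=3<LEARNING,DISCOVER>
    member: vmnet3 flags=3<LEARNING,DISCOVER>'

# Touch the real interfaces only when asked: sh rebind.sh run
if [ "${1:-}" = run ]; then rebind_bridge; fi
```

Because en0 stays in the bridge, the lab segment shares a broadcast domain with the physical LAN for as long as bridge1 is up.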

Part 2 - IOU

Now on IOU, it was fairly easier, but the frakking software has the same verbose level as some morons I know. There were two catches.
  • 1st catch, create or use any vmnet besides the one assigned to eth0. eth0 is hardcoded, so you cannot use it. I created a vmnet3 host-only network with a dhcp server and no authorization required for promiscuous mode. I read in some reports promiscuous mode is important. In any case, I had to enable the eth1 interface manually, and since I was there anyway, I added the promiscuous mode and got a DHCP client lease for it. As a good testing point, I pinged the routers inside GNS3 and it worked. The ping from the other side worked, well, just in case.
  • 2nd catch, it was damn hard to find it. Because frakking ioulive86 (sorry, your software is great but could use some more verbosity) simply spat "no mapped ioulive86 instance found" and that was it. I was about to drop it and take a shit in name of my incompetence when I decided to create a new NETMAP entry and put the cloud line below the first line. What gives, it worked. So the caveat maybe is just that it needs to be on the second line of the NETMAP. I did not write it, I dunno what could be wrong. Maybe it just needed a line feed, whatever. It works. That is why I left software dev. I hate hasty code.

So, rants aside. With the cloud finally starting up on IOU, it was just a matter of repeating the same steps. Put an interface in dhcp client mode, enabled it and voilà, it got an IP address via the vmnet dhcp server. Pings at will and everyone is happy, I will now shit in honour of my greatness.

Conclusion

I have no idea why the heck I took all this trouble. I mean, that was a lot of work to get a lot of buggy  software to work. Yet, that is how people study when they don't want to spend money on rack rentals right? It might come in handy. I was actually trying to see if I could do it. Just to see if I could make it work or not. And yes, the brownload is ready to start.

(my mood is awesome).

Saturday, 19 July 2014

Algorhyme

Wow, I cannot believe I never published this poem before...

It is as old as STP itself, in fact, this is part of the original paper by the very impressive Madam Radia Perlman, known as the author of the protocol. If you never read, the must-read book on STP is this. Unfortunately, it is a print-only book, the only digital edition available is on Safari. As I really don't dig into the Safari format (they charge too much and you never get the full download version in one piece), I won't recommend it. Thus you are left with some badly formatted pirated copy or the physical book. It is a pity they do not review this stupid policy. We are in the decade of all-you-can-download subscriptions, it's time O'Reilly understands this. AAANYWAY, sorry about the rant.

Here follows,

Algorhyme

I think that I shall never see
A graph more lovely than a tree.

A tree whose crucial property
Is loop-free connectivity.

A tree that must be sure to span
So packets can reach every LAN.

First, the root must be selected.
By ID, it is elected.

Least-cost paths from root are traced.
In the tree, these paths are placed.

A mesh is made by folks like me,
Then bridges find a spanning tree.

—Radia Perlman

Saturday, 7 June 2014

Quick Rant - vHub

A very quick rant about something I have been saying a couple months already.

It is not a vSwitch. It is a vHub.

People call it vSwitch but it is a very dumb switch.

A vHub is waaaaay more appropriate.

That's it. I'm gone!

Friday, 28 March 2014

Cisco Prime Infrastructure material.

So,

Cisco Prime Infrastructure. I have been aware of the tool it's been a couple years already. And man, it's hard to find good information about it.

I found it out today. Probably exists for a long time, but I never saw it before.

Cisco's Prime Youtube Playlist.

Go there and grab your favorite youtube ripper. Download it all to your favorite tablet whatever and get some coffee. It will take you long, but probably that is the only source of good information about it.

There are some PIW in French in PEC. There is a lot of shit in PEC anyway. Trouble is it sucks to search for anything in there.

Ah yes, there's the official training, which according to the Cisco forums, is not really available anywhere in the world as of this rant.

And of course, there is the Cisco DOC-CD.