My first post in a while… I recently started using Cisco Modeling Labs Personal / VIRL 2 and noticed it had no Wireshark packet capture function, or a way to download pcap files. However, captures can be performed! This can be done using Netcat to stream the capture over the network. This example is on a Mac. First, we start a capture in our CML Personal Lab. This is done by selecting the link and navigating to the Packet Capture…
NordVPN is one of the more popular VPN providers. However, I couldn’t find any guides online for using their IKEv2/IPsec with Cisco IOS. This guide shows how to use EAP MSCHAP and certificate based authentication with NordVPN and IOS. I hope this helps others get their VPN running more quickly than I did. I had to upgrade the code on my router for this to work. I have this working on a Cisco 1941 running c1900-universalk9-mz.SPA.155-3.M5.bin. On older versions (early…
I had a requirement for running an iperf3 server in daemon mode. This needed to survive server reboots, and therefore start automatically at boot. This example might help network engineers that have limited linux skills (like myself). I took this example from DigitalOcean, but for the stopping of the service to work properly I had to add expect fork to the code. You’ll first need to install iperf3 on the machine. Once iperf3 is installed place the following code in…
I had a problem when upgrading from 5.1.0.44 to 5.2.0.26. I’d see the following: Saved the running configuration to startup successfully Then the CLI would just hang, after an hour I CTRL+C ‘d out of it. Stopping the ACS process and re-running the install fixed the issue. ACS/user# application stop acs Stopping ACS. Stopping Management and View…………………………………………………… Stopping Runtime…………………… Stopping Database………….. Cleanup…. ACS/user# application upgrade ACS_5.2.0.26.tar.gz repo Do you want to save the current configuration ? (yes/no) [yes] ? Generating…
I couldn’t find any instructions online on how to launch an AWS EC2 instance from an iPad or iPhone. The problem is generating an RSA key from an iPad. The AWS web interface doesn’t lend it’s self to allowing iOS devices to download the private RSA key. It turns out you can generate an RSA key pair with the free Serverauditor SSH client for iOS. Heres how… Open up the Serverauditor app on your iPhone / iPad and select ‘Keychain’…
I saw a fantastic deal on a Cisco 1861 SRST on eBay, so decided that our home needed one. Beautiful, isn’t it? After registering for a new Sipgate account and using the config from www.netconf.co.uk, I found that the new user IDs couldn’t be entered into CME as a ‘clid network-number’. Cisco IOS only takes a numerical value as the ‘clid network-number’ but Sipgate user IDs have a letter in them. As a workaround for this, I manually amended ‘From’…
I had difficulty finding an IOS version that would run MPLS on my 2611XM routers with 96MB RAM and 32MB flash, so thought I’d post the version that I’ve had success with. The image that worked successfully was c2600-jk9o3s-mz.123-24.bin. The routers are connected together on Fa0/1 on each router. Fa0/0 goes up to an ESXI box running two IOS XRv PE routers. It’s interesting to watch modern MPLS applications run over these old routers. Due to the age of the…
I couldn’t find much information on how the Bootstrap Router hash function is calculated. Most sources teach that the mask dictates how much of the group IP address is used in the hash calculation and that the RP IP address that returns the highest value from the BSR hash algorithm becomes the chosen RP for that group, but don’t give detail on how the BSR hash is calculated. I found the following algorithm in RFC 4601: Value(G,M,C(i))=(1103515245 * ((1103515245 *…
Unicast flooding problems, usually associated with switched networks, can also impact VPLS. If traffic is forwarded asymmetrically through a VPLS instance, unicast flooding of unknown frames can occur. I’ll step through a scenario where this could happen. I set a LAB up with two CSR 1000V routers acting as PE routers, providing a VPLS instance. GNS3 was used to run the IOS routers acting as CE and C routers. In this scenario we could imagine that CE3 and CE4 are…
The purpose of the MPLS MRU (Maximum Receive Unit) is to indicate the maximum size of a packet, including MPLS labels, that the local router router can forward without fragmenting. MRU is only locally significant. If an incoming packet belonging to a particular FEC (Forwarding Equivalence Class) exceeds the MRU calculated for that FEC, the packet will require fragmentation prior to it being transmitted on the outgoing interface. The MRU for each FEC varies depending on the MTU of the…