How to flash Cisco Autonomous Access Point to Lightweight

The following method will enable a Cisco Aironet Autonomous Access Point to be converted into Lightweight mode by flashing the code. I have tested this on the c1252 model, but the same method should work as long as the models are supported by Cisco.

Download the recovery image and place it in the TFTP Server.

Remove the trailing .tar from the image filename; it should look something like the following.

Set the Laptop IP Address as follows…
IP Address:
Subnet Mask:
Default Gateway:

Juniper SRX Config on PlusNet FTTC BT Infinity

The following JunOS configuration has been tested on PlusNet Fibre broadband with an external BT Openreach modem. This setup should work with other VDSL/FTTC providers since they use the same underlying BT infrastructure.

  • The configuration has been tested on SRX210H running JunOS 11.4R9.4 & 12.1X44-D35.5
  • The BT Openreach modem connects to interface fe-0/0/7 on the SRX

Set the underlying interface encapsulation to be PPP-over-Ethernet.

set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether

Set the PPP options with CHAP as the authentication method.

If your ISP happens to use the PAP authentication method, then you need to reflect that.

set interfaces pp0 unit 0 ppp-options chap default-chap-secret YOUR-PASSWORD
set interfaces pp0 unit 0 ppp-options chap local-name YOUR-USERNAME
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive

SSH Automatic RSA Key login

The following method shows how to set up SSH automatic RSA key login in two simple steps.

Create an RSA key on the LOCAL host without a passphrase.

ssh-keygen -t rsa

Copy the RSA key to the REMOTE host, while making sure the directory .ssh exists within the user’s home directory.

cat .ssh/ | ssh username@REMOTE.Host 'cat >> .ssh/authorized_keys'

If you want to have this feature in both directions, you need to do the above tasks from both servers.
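Added example, not part of the original post: the remote-side half of the copy step written as a function that creates .ssh and authorized_keys with owner-only permissions (sshd's default StrictModes check rejects group- or world-writable ones) and appends the key only once. The function name install_pubkey and its two arguments are assumptions.

```shell
#!/bin/bash
# Added example. install_pubkey is a hypothetical helper name.
# usage: install_pubkey <public-key-file> <home-directory>

install_pubkey() {
    local pubkey_file="$1" home_dir="$2"
    local ssh_dir="$home_dir/.ssh"
    local auth="$ssh_dir/authorized_keys"
    local key

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Take the non-blank lines; a public key file holds exactly one.
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file") || return 1
    [ "$(printf '%s\n' "$key" | grep -c '')" -eq 1 ] || {
        echo "expected exactly one key line" >&2; return 1; }

    # Refuse anything that is not a public key line, so a private key
    # file passed by mistake never lands on the remote host.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an SSH public key" >&2; return 1 ;;
    esac

    # Create with a restrictive umask, then fix up pre-existing paths too.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Run it on the REMOTE host against the uploaded public key file and the target user's home directory; repeated runs leave a single entry.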

Shell Script to Split IP Address into Separate Octets

The following shell script splits an IP address into separate octets, each in its own variable. This method can be used for any script which needs to take each octet into account, such as generating firewall rules etc…

#!/bin/bash
# Prompt for the address and read it without backslash processing
echo -n " Enter the IP Address (Example: "
read -r IP
# Turn the dots into spaces and pick each field with awk
oct1=$(echo "${IP}" | tr "." " " | awk '{ print $1 }')
oct2=$(echo "${IP}" | tr "." " " | awk '{ print $2 }')
oct3=$(echo "${IP}" | tr "." " " | awk '{ print $3 }')
oct4=$(echo "${IP}" | tr "." " " | awk '{ print $4 }')
echo "IP Address is $oct1.$oct2.$oct3.$oct4"
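Added example, not part of the original post: when the octets feed generated firewall rules, the input should be validated before it is split. The helper below (split_ipv4 is a hypothetical name) accepts only strict dotted-quad IPv4 and sets oct1 to oct4 on success.

```shell
#!/bin/bash
# Added example. split_ipv4 is a hypothetical helper name.
# On success sets oct1..oct4 and returns 0; on bad input returns 1
# and leaves the variables untouched.

split_ipv4() {
    local ip="$1" o a b c d rest

    # Digits and dots only, and no trailing dot. This rejects shell
    # metacharacters, spaces, signs and hex before anything else runs.
    case $ip in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac

    # Split on dots without spawning tr/awk; "rest" catches a 5th field.
    IFS=. read -r a b c d rest <<EOF
$ip
EOF
    [ -z "$rest" ] || return 1

    for o in "$a" "$b" "$c" "$d"; do
        case $o in
            ''|????*) return 1 ;;   # missing octet or more than 3 digits
            0) ;;                    # a single zero is valid
            0*) return 1 ;;          # leading zero: some tools read it as octal
        esac
        [ "$o" -le 255 ] || return 1
    done

    oct1=$a oct2=$b oct3=$c oct4=$d
}
```

Call it as `split_ipv4 "$IP" || exit 1` before using the octets in a rule template.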

How to Configure Failover on Cisco ASA Firewall

Configuring a Cisco ASA firewall to achieve resiliency is straightforward. Implementing the failover feature in the firewall in Active Standby mode can be achieved with the following commands.

Please note that it is not recommended to use the Management interface for failover purposes, especially for stateful failover in which the security appliance constantly sends the connection information from one security appliance to the other.

Furthermore, we have to consider the future implications of using the Management Interface, as you may want to create a completely new network for Out-of-Band (OOB) access in which the Management Interface on each device will participate. Therefore, using a Management Interface might cause design issues in the future.

In the example below, I will be using GigabitEthernet0/5 on both devices as the Failover interface.

Gmail SMTP 2 Factor Authentication on OSX iMail

The following method has worked for me when it comes to sending emails via SMTP using a Google Apps account with Two Factor Authentication (2FA) enabled. I am sure this method can also be followed for regular Gmail accounts.

On Your Google Accounts
  • Revoke the Application Specific Password for iMail
  • Create a New Application Specific Password for iMail

On Your Mac
  • Go to Keychain Access and Delete

On iMail
  • Change the Outgoing Mail Server (SMTP) by selecting the Edit SMTP Server List and click the Advanced tab
  • Make sure the Username is your Email Address and the Password is the one you have generated in the above step.

iMail will prompt for the SMTP server confirmation along with a prompt for a password; make sure to use the one which was generated in the above list.

Post your comments below with your views!

Border Gateway Protocol (BGP) as SDN Backbone

Border Gateway Protocol (BGP) is the core of the Internet, and yet its versatility is hardly utilised by the majority of the networking community within a data centre environment. BGP is widely used by service providers and also in conjunction with MPLS. With the introduction of Software-Defined Networking (SDN), the whole concept of the network will change dramatically in the coming years; some could say it has already changed, and I agree. We will hardly be managing devices individually, and it will become impractical to manage 100s or even 1000s of devices in a data centre architecture.

Why Border Gateway Protocol?

I will try to justify my view of how BGP would be the perfect candidate as an SDN backbone. Other protocols will still tick some of the boxes, but they won’t be able to tick every box as BGP does.

I can’t think of another protocol which is versatile enough to handle the control plane and data plane separately, yet when it comes to talking between the control and data plane, does it efficiently. After all, SDN is all about separating the Control Plane from the Data Plane.

Is SecureCRT worth it?

You are probably here because you have asked the same question as I did before purchasing SecureCRT: Is it worth me forking out $100 for terminal emulator software?

This is probably one of the questions every Network/Systems Engineer asks when it comes to buying a terminal emulator, or sticking with freeware like Putty/TeraTerm etc on Windows, iTerm2 on Mac and Terminal on Linux.

There is a great post covered by Greg Ferro here, where he iterates that it is not good value for money. I do agree with him 100% in that you could get such an application on the Mac App Store for around $25. However, when it comes to evaluating software or any matter, one needs to consider the individual requirements before committing financially to the purchase.

There are a number of questions I have asked myself before going ahead with the purchase…

4 Byte BGP Autonomous System Numbers

Like IPv4 Address space depletion, the 2-Byte (16 bit) BGP AS number is also running out. As per RFC4893 (BGP Support for Four-octet AS Number Space) 4-Byte Autonomous Systems (AS) numbers have been issued by the Regional Internet Registry (RIR).

2-Byte (16 Bit) Autonomous System Numbers
We have a total of 2^16 = 65536 Possible AS Numbers
Private AS Numbers: 64512 – 65534
Reserved AS Numbers: 59392 – 64511, 65535

4-Byte (32 Bit) Autonomous System Numbers
We have a total of 2^32 = 4,294,967,296 Possible AS Numbers
Any numbers ranging from 65536 to 4294967295 are considered 32Bit AS Numbers.

This is the IETF preferred notation of AS Numbers, where a 2-Byte AS Number such as 65535 is represented in the form of text in both command and CLI, and a 4-Byte AS number such as 65546 is represented in the form of “65546”.

As mentioned above, in the ASDOT notation 2-Byte AS Numbers are represented in decimal format.
4-Byte AS Numbers are represented in the following format.
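Added example, not part of the original post: converting between the plain decimal form and the asdot form as defined in RFC 5396, where a 4-byte AS number is written as high.low with high = N / 65536 and low = N mod 65536. The function names are hypothetical; inputs are validated so that out-of-range values and leading zeros (which shell arithmetic would read as octal) are rejected.

```shell
#!/bin/bash
# Added example. asn_to_asdot / asdot_to_asn are hypothetical helper names.

# True if $1 is a decimal integer of at most 10 digits, no leading zeros.
_is_uint() {
    case $1 in
        ''|*[!0-9]*|0?*|???????????*) return 1 ;;
    esac
}

# Plain decimal -> asdot: values below 65536 stay as they are,
# larger values become high.low.
asn_to_asdot() {
    _is_uint "$1" && [ "$1" -le 4294967295 ] || return 1
    if [ "$1" -le 65535 ]; then
        echo "$1"
    else
        echo "$(( $1 / 65536 )).$(( $1 % 65536 ))"
    fi
}

# asdot (high.low, or a plain 2-byte number) -> plain decimal.
asdot_to_asn() {
    local high low
    case $1 in
        *.*.*) return 1 ;;                          # more than one dot
        *.*)   high=${1%%.*}; low=${1#*.} ;;
        *)     high=0; low=$1 ;;
    esac
    _is_uint "$high" && _is_uint "$low" || return 1
    [ "$high" -le 65535 ] && [ "$low" -le 65535 ] || return 1
    echo "$(( high * 65536 + low ))"
}
```

With the page's own sample value, `asn_to_asdot 65546` gives 1.10 and `asdot_to_asn 1.10` gives 65546 again.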

