The Stupid Engineer

I ask those questions you're too clever to.

Simple Bash Ping Script

Been looking for something like this for a while:

http://etherealmind.com/tech-notes-ping-sweep-ip-subnet/

for i in `seq 1 255`; do ping -c 1 192.168.1.$i | tr \\n ‘ ‘ | awk ‘/1 received/ {print $2}'; done

I usually use nMAP for this, but in some instances you may not have access to it. For those times, Bash should work really well.

Android Bugs

I have a little Samsung Galaxy S2 which is a perfectly adequate phone. I use the Google Apps on it to keep some semblance of order in my life. However, I run into some occasional bugs which require a bit of work to solve. So I’m putting in the fixes here so they’re easily available.

1. Weather widget displays an incorrect location. Documentation date 03.11.2014
This is fixed by going to Settings->Application Manager and performing a forced stop on the TouchWiz Home application.

2. Lockscreen displaying an incorrect location. Documentation date 03.11.2014
First I thought this was related to the first problem. However, this can be fixed by going to Applications->Security and changing the location detection to refresh automatically. It looks like adding a new city in the weather widget updates the location in the lockscreen, but removing it doesn’t force an update to the lockscreen.

More bugs will be documented here as they’re found.

Fun With Optics

I recently had a deployment where we needed to connect Cisco 6500s to Juniper MX960s.

There was a lot of confusion surrounding what fibre and optic modules needed to be used, so I’m documenting the initial state and the successful state here.

Initially, the Junipers had the following model numbers used for the optics:

XFP-10G-LR (identified using a “show chassis hardware”)

The 6500s:

10Gbase-SR

Interestingly, one of the links came up between the devices, while one did not. I tried swapping the cable (Single Mode) for Multimode for the non-working link, and that did not fix the issue. We then swapped the Cisco optic for an LR optic and used Single Mode fibre which did the trick.

Confusingly for someone from a Cisco background like me, the Juniper optic was labelled  XFP-10G-L-OC192-SR1. I assumed the SR stood for short reach/range (it does) and tried to use Multimode fibre, as you would with Cisco SR optics. However, it turns out that the Juniper SR optic in this case used Single Mode fibre as its interface.

It is documented in this handy link here, which turned up with some Googling.

The confusion stems due to the reference to Short Reach differing between Cisco and Juniper. I need to figure out a simpler way to ID the type of fibre to be used. Perhaps using the core:cladding ratio is the best way? 9:125 micro meters seems to be what is used for SM fibre.

Quick’n’dirty Nslookup BASH Script

I’m always wondering if the addresses I’m assigning to interfaces aren’t already in DNS. So I came up with a little BASH script that takes a list of IP addresses and performs an nslookup on them to ensure they’re not in use already:

$nslookup < input-filename > output-filename

The addresses in the input file are carriage return delimited.

A better use for this would be to check if DNS entries already have an IP address assigned to them.

The 5 Year Plan

I was recently asked what my 5 year career plan was and whether I wanted to go down the architect route. It threw me a little bit because I’ve never really been a 5 year type person. I have real trouble seeing where I’ll be beyond a year to 18 months.

So, this is my attempt to try and put something together. It doesn’t hurt to have a plan right?

Ideally, you need a short, medium and long term plan. A couple of these could be tech related (e.g: get to CCIE), but the pace technology moves at means the longest term one (if it’s longer than 3 years could well have moved goalposts, or died out). So, without ado, I give you the 3 – 6- 12 – 24 – 36 plan. Or 3,6,1,2,3 plan. This is my way of putting down what I want to have achieved in the next 3-6 months, year, 2 and 3 years.

3-6 months: Get my CCNP Security finished with, and maybe another associate level non-Cisco vendor certification.

1 year: Complete my CCIE written and be on my way to lab revision.

2 years: Completed, or have attempted the CCIE lab once.

3 years: Who knows? CCDE? Become a technical leader? Or become professional level qualified with another vendor?

I don’t know how feasible these things are, but I’ll have a go.

Configuring SNMPv3 On NX-OS

We’re currently trying to allow a client to perform an operation using SNMP set commands on a Cisco NX-OS switch (namely a 5548).

It’s possible using SNMPv2c and community strings, but this does not generate a log message, making it completely unaccountable. SNMPv3 seems to have the answer. According to the documentation, it provides:

  • Integrity
  • Encryption
  • Authentication

I’ve tested using a set operation to change a MIB using the following command:

snmpset -v 3 -u test -l authpriv -a MD5 -A Testpass01 -x DES -X Testpass01 hostname system.sysLocation.0 s TESTLOCATION

Which works fine.

However, the problem arises when trying to back off the authentication of the SNMP operation to TACACS/RADIUS. My interpretation of the documentation suggests this is possible. My Cisco SE has not denied it either. However, I reckon some changes need to be made to the authentication server. According to what I’ve read:

You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Nexus 5000 Series switch using this format:

shell:roles="roleA roleB ..."

If you do not specify the role option in the cisco-av-pair attribute, the default user role is network-operator.

You can also specify your SNMPv3 authentication and privacy protocol attributes as follows:

shell:roles="roleA roleB..." snmpv3:auth=SHA priv=AES-128

The SNMPv3 authentication protocol options are SHA and MD5. The privacy protocol options are AES-128 and DES. If you do not specify these options in the cisco-av-pair attribute, MD5 and DES are the default authentication protocols.

So, it looks like using an SNMPv3 set operation authenticated to TACACS/RADIUS will require additional specification of SNMPv3 authentication and privacy protocol parameters, and the corresponding role mapped to the user trying to perform the SNMPv3 operation.

OSPF Summary Routes and BGP

Recently I was in a situation where I needed to advertise some OSPF routes created using the area range command into BGP. When advertising routes into BGP there are a few considerations:

  • Does the routing table know the exact route you’re trying to advertise into BGP?
  • Is any route filtering being performed? Don’t forget to check at the source of the BGP route and the destination it’s being advertised to!
  • Is soft-reconfiguration supported on the software you’re running?
  • Will you need to do a “clear ip bgp neighbor”? Seems IOS 12.4 doesn’t require it but 12.2 does. I tested 12.4 on GNS3, and 12.2 on a live 6500.

Using the area range command will automatically generate an OSPF intra-area route to Null 0 IF the router the command is issued on is an ABR. This is visible here:

Switch#sh ip route 10.253.0.0 255.255.240.0 
Routing entry for 10.253.0.0/20
Known via "ospf 1", distance 110, metric 0, type intra area
Routing Descriptor Blocks:
* directly connected, via Null0
Route metric is 0, traffic share count is 1

This route will not be created on a non-ABR router, so watch out if you’re using single area OSPF. You’ll need to create a static null route to the summary range  you’re trying to advertise on a non-ABR router.

Anyway, I was trying to clear up whether BGP would take an auto-generated null 0 route for a network advertisement. Seems it will!

Follow

Get every new post delivered to your Inbox.