Posts Tagged ‘Juniper’

No doubt every engineer has their own twist on coding something to better automate configurations and deployment on networks; however, with the every increasing pace of release changes to current software sets installed on some vendors hardware, the workload to keep your scripts updated can become your full time job. There will always be two schools of engineer: the home brew and the purchased software schools, each one with their own compelling reason to use the other and why the other is wrong. I, personally, prefer the purchased software route with a small dash of home brew scripts to accomplish my job, very small. I’ll outline some experiences I’ve had in the past where both moving towards the use of purchased software solved the many problems the home brew scripts were giving us and how a small, but powerful, set of home brew scripts gave us complete control over the network from building, deploying, operating, and debugging. Read the rest of this entry »

Yup, they have something similar now, here is the skinny:

path flash1:
maximum 14

Now, before you make a change, issue this command:

configure terminal revert timer <1-120> <--- in minutes

Go ahead and make your changes, if you get disconnected, it will rollback the configuration in the amount of time you selected.

If the configuration works and you want to commit the changes:

configure confirm

That's all folks, a "commit confirmed" for Cisco IOS.

Quite often I hear people reference the Native VLAN and they’re unsure what exactly they’re talking about. In the RFC standards “Native” is considered an “Untagged” VLAN on a port and that is the preferred terminology. So, this is really simple, “native” means “Untagged” because on each Cisco “Trunk” port you can have a different native VLANs on each Cisco “Trunk” port. Thus, the concept of a native VLAN isn’t always VLAN 1 it is just a convenience that VLAN 1 is the default VLAN on Cisco switches when they’re unpacked and that confuses most people. In reality, you won’t have an untagged port on a Cisco trunk because you’d rather have all inter-switch traffic tagged to prevent VLAN-hopping.

A quick tidbit of information useful in troubleshooting and interviewing and reviewing the logs (if you can) before you start hacking away at the issue. It makes no sense to start diagnosing an issue if you have logs that can, hopefully, tell you what was going on before and after an event that caused an outage. For instance, if your wireless just decides to go down you may want to look at the lgos in the AP (autonomous mode) or the controller (Controller mode) and see what was happening. Given there is enough verbosity in the logs it should tell you what happened and you can take corrective measures. This applies to interviews because people always ask “What are your steps to figuring out what happened?” I always start with: I check the logs.

I recently got into a facebook debate with someone about experience versus debate. The opponent was a public sector employee and had been their entire life. However, it got me to thinking about this subject and it brings up a valid point about certifications and real life experience. I have seen first hand, from previous employers, that you can get someone who can sit for classes for a certification and knock out multiple certs in a year; however, are they really useful? In my opinion, probably not because anyone can take a cram class and the next day, or that day, sit for the exam and pass because the answers are fresh in their heads. The question to ask is: do you really understand the material and technology? Read the rest of this entry »

Classful routing/networking is no valid into today’s CIDR (Classes Inter-Domain Routing) networks; however, it seems that people are still over using the classful terminology almost interchangeably. The concept of classes in network is obsolete and should no longer be used when referencing network subnets because classful routing has defined network ranges that make them classful and CIDR does not. Read the rest of this entry »

I get this a lot in my field “I cannot ping the server, it must be down or a network issue”; however, I can log in and telnet to the machine and even RDP/SSH into the machine. Why is this? Simple, the machine is not responding to ICMP ECHO REQUESTS which is default behavior for some systems. Windows 7 and Windows server 2008 DO NOT respond to ping by default because their internal firewalls are set to NOT respond to ICMP ECHO REQUESTS. Therefore, the machine could show as DOWN because it doesn’t respond to ping but the machine could actually be alive and on the network.

I personally recommend allowing your machines to respond to ping because there are no benefits to not allowing it other than confusion that could arise from the unexpected. Hiding a PING response doesn’t provide more security because a TCP SYN scan could prove that your machine is alive and well if there are listening ports, among other methods of host discovery.

To put it simple, DO NOT RELY ON PING as a method of testing connectivity only.

Quite often I run into troubled businesses that are having problems and they’re doing something like a Lan-to-Lan VPN tunnel between offices to route ALL traffic to a central location for processing. In today’s modern age most places have access to numerous link selections for deliver of Internet services and even dedicated Metro-E/T1/MPLS etc. What I find sad are the phone companies trying to sell the scam “Business Class DSL” services for businesses because in reality, unlike Cable DOCSIS, your packets aren’t getting any special treatment compared to a residential circuit. I will explain… Read the rest of this entry »

HP vs Cisco Certifications

Being that I am a dual certification holder (HP and Cisco) I am going to weigh in on the Value of the certifications. Read the rest of this entry »

Core vs. Edge Routing Topology

There isn’t a lot of talk about this; however, there is a lot of training material that references this debate and makes recommendations for edge based routing. For those not familiar with the topic I am talking about “Campus LANs” and not ISP networks where you essentially have to push routing to the edge for some customers. In my article I am talking about Core vs Edge in the aspect of where we perform all of our routing in a “Campus LAN” Read the rest of this entry »