Posts Tagged ‘Networking’
There has been some confusion and ambiguity around the “single-connection” configuration statement provided by Cisco switches and routers, including SAN MDS switches. As of this writing, Cisco Nexus 9000 NX-OS switches running 7.0.3.I5.1 code do not support single-connection in their TACACS+ host configuration; however, certain MDS switches do. In either case, if you have landed here looking for the answer, let me elaborate.
The purpose of single-connection is to multiplex all of your TACACS+ requests over a single TCP connection from the switch to the TACACS+ server, instead of opening a new connection for every request. Using tac_plus, an open source TACACS+ server, you can absolutely enable single-connection from, say, a Cisco 9706 MDS switch; however, upon packet analysis of the TACACS+ authentication requests you may discover the single-connection bit is set to 0 on nearly all of them.
Refer to draft-grant-tacacs-02 and scroll to the FLAGS section for an explanation of where you will, and should, see the single-connection bit set in the flags byte of the TACACS+ header. In short, the bit is only used while the connection is being set up: the client sets it on the first packet of the first session on the connection, and the server sets it on its first reply if it agrees. Once both sides have agreed, the flag is not examined again, so later requests on that connection (and later sessions multiplexed onto it) legitimately show the bit as 0. Thus, instead of each and every TACACS+ request arriving as a unique TCP connection (each one consuming a socket on both ends; a TCP connection is identified by the 4-tuple of source IP, destination IP, source port and destination port), the TACACS+ query and response messages are just carried over the single TCP connection, distinguished by their session ID.
If your system supports this, it is worth testing whether it works, as it can save some resources (one TCP handshake and one socket per connection rather than per request); however, your mileage may vary.
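To see the negotiation described above in a capture, here is an added example (not code from the original post or from tac_plus) that decodes the 12-byte TACACS+ header defined in draft-grant-tacacs-02 and reports whether single-connect was negotiated on a connection. The packet sequence is constructed for illustration; the session IDs, body lengths and the assumption that odd sequence numbers come from the client are mine, and only the header is parsed (bodies stay encrypted on the wire).

```python
import struct
from dataclasses import dataclass

# Header layout from draft-grant-tacacs-02: version, type, seq_no, flags,
# session_id (4 bytes), length (4 bytes), all in network byte order.
HEADER_FMT = "!BBBBII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04
PACKET_TYPES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}


@dataclass
class TacacsHeader:
    major_version: int
    minor_version: int
    pkt_type: int
    seq_no: int
    flags: int
    session_id: int
    length: int

    @property
    def single_connect(self) -> bool:
        return bool(self.flags & TAC_PLUS_SINGLE_CONNECT_FLAG)

    @property
    def from_client(self) -> bool:
        # Assumption used here: client packets carry odd sequence numbers, server replies even ones.
        return self.seq_no % 2 == 1


def parse_header(data: bytes) -> TacacsHeader:
    """Decode the fixed header at the start of a TACACS+ packet."""
    if len(data) < HEADER_LEN:
        raise ValueError("TACACS+ header needs %d bytes, got %d" % (HEADER_LEN, len(data)))
    version, pkt_type, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    return TacacsHeader(version >> 4, version & 0x0F, pkt_type, seq_no, flags, session_id, length)


def build_header(pkt_type: int, seq_no: int, flags: int, session_id: int, body_len: int,
                 version: int = 0xC0) -> bytes:
    """Encode a header; 0xC0 is major version 12, minor version 0."""
    return struct.pack(HEADER_FMT, version, pkt_type, seq_no, flags, session_id, body_len)


def single_connect_summary(headers) -> dict:
    """Inspect the headers seen on ONE TCP connection, in wire order.

    Single-connect is negotiated once: the client sets the flag on the first packet
    (seq_no 1) of the first session, and the server sets it on its first reply (seq_no 2)
    if it agrees. Later packets, and later sessions on the same connection, do not set it,
    which is exactly why a capture shows the bit as 0 on most requests.
    """
    if not headers:
        return {"client_requested": False, "server_agreed": False, "negotiated": False,
                "sessions": 0, "later_flags_set": 0}
    first_session = headers[0].session_id
    first = [h for h in headers if h.session_id == first_session]
    client_req = any(h.seq_no == 1 and h.single_connect for h in first)
    server_ok = any(h.seq_no == 2 and h.single_connect for h in first)
    later = [h for h in headers if not (h.session_id == first_session and h.seq_no in (1, 2))]
    return {
        "client_requested": client_req,
        "server_agreed": server_ok,
        "negotiated": client_req and server_ok,
        "sessions": len({h.session_id for h in headers}),
        "later_flags_set": sum(1 for h in later if h.single_connect),
    }


# Constructed capture of one TCP connection (hypothetical session IDs and lengths):
# an authentication session followed by an authorization session on the same socket.
CAPTURE = [
    build_header(1, 1, TAC_PLUS_SINGLE_CONNECT_FLAG, 0x1111, 40),  # client START, asks for single-connect
    build_header(1, 2, TAC_PLUS_SINGLE_CONNECT_FLAG, 0x1111, 16),  # server REPLY, agrees
    build_header(1, 3, 0, 0x1111, 24),                             # client CONTINUE, flag no longer set
    build_header(1, 4, 0, 0x1111, 6),                              # server REPLY (PASS)
    build_header(2, 1, 0, 0x2222, 60),                             # new AUTHOR session, same connection
    build_header(2, 2, 0, 0x2222, 12),
]


def summarize_capture(packets=CAPTURE) -> dict:
    return single_connect_summary([parse_header(p) for p in packets])


if __name__ == "__main__":
    for p in CAPTURE:
        h = parse_header(p)
        print(PACKET_TYPES[h.pkt_type], "seq", h.seq_no, "session %#x" % h.session_id,
              "single_connect" if h.single_connect else "flag=0")
    print(summarize_capture())
```

If the summary shows `negotiated` as True with two or more sessions and `later_flags_set` at 0, the switch and server are doing exactly what the draft describes; if `server_agreed` is False, the server declined and the switch will fall back to one connection per session.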
Let’s just get down to business: we all use it, but few of us understand what any of it means. The documentation is a little, well, complicated for some people, so I aim to give you a better understanding of the Cisco configuration register, also known as the config register or config-reg. Read the rest of this entry »
Let me start with something from a distant memory. I knew a principal of a school and I asked, “What qualifications does a person need to be a principal?” I remember the answer was “just a master’s degree,” and I responded, “No experience needed?” He replied, “Yes, but that creates problems, because principals with no experience teaching have high turnover, low morale, and pitiful results in their school.” It was then and there I knew one thing mattered most to me over anything: experience, and a variety of it. However, this “variety” can harm and help you at the same time; it just depends on how you go about it, and that brings me to a new chapter in my life… Read the rest of this entry »
I have seen a lot of these courses go up online, and you find people flocking to them as a super easy way into a big-salary IT networking job overnight. I don’t believe one can go from the skills of a CCNA to a CCNP in X number of weeks. The vast difference between the skills you’ll need for the CCNP and the CCNA concepts is so large it isn’t funny. In fact, I have long said I would love to see Frame Relay disappear in favor of configuring more real-world scenarios like MPLS and Metro-E. However, they keep churning out Frame Relay material because it is easy to learn. Perhaps this is the reason we have so many whiteboard interviews that last hours upon hours: we’re churning out CCNA/CCNP certified engineers with little to no real-world experience. I believe in the long-term approach of gaining valuable work experience and studying along the way. If you’re looking to get ahead, you should also purchase lab equipment and learn at home when you can; nothing replaces learning the hard way by building it yourself and testing all kinds of scenarios. If you’re looking for a quick way to get certified without experience, these classes will help you get there, just don’t expect to do that well in whiteboard interviews. If you’re a seasoned vet and just want to make sure you pass the first time because you’re a busy IT professional, these are good too.
I see a lot of confusion about the Type-4 LSA and what it does. This confusion is high in the CCNA world because little is explained about it and one might think it is useless; however, it is valuable when you’re learning or doing route redistribution into OSPF using External type-2 routes with multiple ASBRs redistributing the same external routes: the Type-4 (ASBR summary) LSA is what tells routers in other areas the cost to reach each ASBR, and that cost is the tie-breaker between otherwise equal type-2 external routes. Read the rest of this entry »
Spanning-tree is the red-headed stepchild of networking, and I firmly believe it is not spanning-tree’s fault; I blame the ignorance of the engineer. Spanning-tree is a tool, and like any tool it is designed with a specific purpose; however, like most tools in life, you can apply the tool to something it was not intended for and still get the desired result. People’s ignorance of spanning-tree has caused a lot of issues on networks I have had to resolve in the past, and they were relatively easy to resolve. I will explain the single most forgotten configuration parameter: bridge priority. Read the rest of this entry »
Quite often I hear people reference the Native VLAN and they’re unsure what exactly they’re talking about. In the IEEE 802.1Q standard the “native” VLAN is simply the “untagged” VLAN on a port, and untagged is the preferred terminology. So this is really simple: “native” means “untagged,” and each Cisco “trunk” port can have a different native VLAN. Thus, the native VLAN isn’t always VLAN 1; it is just a convenience that VLAN 1 is the default VLAN on Cisco switches when they’re unpacked, and that confuses most people. In practice, you don’t want untagged traffic on a Cisco trunk at all: move the native VLAN to an unused VLAN (or tag it with `vlan dot1q tag native`) so all inter-switch traffic is tagged and the double-tagging trick used for VLAN hopping has nothing to ride on.
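As an added example (not part of the original post), the following script audits a Cisco IOS style running-config excerpt for trunks that still carry the default native VLAN untagged, or whose native VLAN is also an access VLAN in use elsewhere on the switch, which is the condition a double-tagged VLAN-hopping frame needs. The configuration excerpt is constructed for this example, the interface names are hypothetical, and the global `vlan dot1q tag native` command is treated as the fix that makes per-port native VLANs irrelevant.

```python
import re

# Constructed sample in the shape of a Cisco IOS running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description uplink to core, native VLAN left at the default of 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description uplink to dist, native VLAN moved to an unused VLAN
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description user port in VLAN 10
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/4
 description uplink whose native VLAN is a VLAN users sit in
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface name: [stripped sub-commands]} for each interface stanza."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces


def audit_trunks(config: str, default_native: int = 1) -> list:
    """List (interface, native VLAN, reason) for trunks that still send untagged user-reachable traffic."""
    interfaces = parse_interfaces(config)
    # Global 'vlan dot1q tag native' tags the native VLAN on every trunk, so nothing is untagged.
    tag_native = "vlan dot1q tag native" in [l.strip() for l in config.splitlines()]
    if tag_native:
        return []

    access_vlans = set()
    for lines in interfaces.values():
        for l in lines:
            m = re.match(r"switchport access vlan (\d+)$", l)
            if m:
                access_vlans.add(int(m.group(1)))

    findings = []
    for name, lines in interfaces.items():
        if "switchport mode trunk" not in lines:
            continue
        native = default_native
        for l in lines:
            m = re.match(r"switchport trunk native vlan (\d+)$", l)
            if m:
                native = int(m.group(1))
        if native == default_native:
            findings.append((name, native, "native VLAN left at the default and sent untagged"))
        elif native in access_vlans:
            findings.append((name, native, "native VLAN is also an access VLAN with users in it"))
    return findings


if __name__ == "__main__":
    for name, vlan, reason in audit_trunks(SAMPLE_CONFIG):
        print("%s: native VLAN %d: %s" % (name, vlan, reason))
    print("after adding 'vlan dot1q tag native':", audit_trunks("vlan dot1q tag native\n" + SAMPLE_CONFIG))
```

Run against a real `show running-config` the same way; a trunk that shows up in the findings is one where an attacker on an access port in the native VLAN can double-tag a frame and have the second tag honoured on the far side of the trunk.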
Funny how this article appeared on LinkedIn on my last day here at the City of Durham. While the ride here has been a great one and I have worked with some awesome technology, it was clearly my time to move on with life. I am grateful to have worked with the individuals who welcomed me here on day one and are celebrating my departure at lunch today. Their mentality rings true to the article I posted: they are sad to see me go; however, they are also happy to see me advance in life and take a job that fulfills a dream.
A quick tidbit of information useful in troubleshooting and interviewing: review the logs (if you can) before you start hacking away at the issue. It makes no sense to start diagnosing an issue if you have logs that can, hopefully, tell you what was going on before and after the event that caused an outage. For instance, if your wireless just decides to go down, you may want to look at the logs on the AP (autonomous mode) or the controller (controller mode) and see what was happening. Provided there is enough verbosity in the logs, they should tell you what happened, and you can take corrective measures. This applies to interviews because people always ask, “What are your steps to figuring out what happened?” I always start with: I check the logs.
Classful routing/networking is not valid in today’s CIDR (Classless Inter-Domain Routing) networks; however, it seems that people still overuse the classful terminology almost interchangeably. The concept of classes in networking is obsolete and should no longer be used when referencing subnets, because classful routing has fixed network ranges that make it classful, while CIDR derives the network from the prefix length alone. Read the rest of this entry »