Networking

  • Comments About Networking Technology


    We've noticed in many ways that traditional networking, even in WANs and LANs, has changed very little. Years ago most networks were running on 100 Mbit, and today most still are. Even the average internet connection is largely unchanged from several years ago, with some minor exceptions in Europe and Asia.
  • HP Procurve Switch 2824 CLI Telnet Experience, Guide and Tutorial


    -------------------------------------
    ProCurve J4903A Switch 2824
    Software revision I.10.77

    Copyright (C) 1991-2009 Hewlett-Packard Co. All Rights Reserved.

    RESTRICTED RIGHTS LEGEND

    Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013.

    HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303

    We'd like to keep you up to date about:
      * Software feature updates
      * New product announcements
      * Special events

    Please register your products now at: www.ProCurve.com

    Press any key to continue
    -------------------------------------------

    LACP Problems - Be Warned - Disable LACP Unless You Need It!

    Disable LACP. This is the link aggregation protocol where you can combine 4 ports to increase the overall bandwidth. This sure sounds great, but all LACP ports should be disabled unless you are using it. The reason is that it often takes down ports of computers/servers for no apparent or justified reason, and it is a pain to troubleshoot. LACP should only be enabled on ports that are actually going to use LACP.

    Symptoms in the log are as follows:

        I 01/02/90 01:41:36 ports: port 7 is Blocked by LACP
        I 01/02/90 01:41:39 ports: port 7 is now on-line
        I 01/02/90 01:45:23 ports: port 7 is now off-line
        I 01/02/90 01:45:48 ports: port 7 is Blocked by LACP
        I 01/02/90 01:45:51 ports: port 7 is now on-line
        I 01/02/90 01:56:47 ports: port 7 is now off-line
        I 01/02/90 02:22:42 ports: port 7 is Blocked by LACP
        I 01/02/90 02:22:42 ports: port 7 is now off-line
        I 01/02/90 02:39:44 ports: port 7 is Blocked by LACP
        I 01/02/90 02:39:47 ports: port 7 is now on-line
        I 01/02/90 02:45:15 ports: port 7 is now off-line
        I 01/02/90 02:56:42 ports: port 7 is Blocked by LACP
        I 01/02/90 02:56:45 ports: port 7 is now on-line
        I 01/02/90 02:57:44 ports: port 7 is now off-line

    #check if you have lacp enabled on any ports

        show lacp
        no LACP ports found.

    How to disable LACP:

    *Warning: if you have machines that do not come back automatically if the link goes up and down, be warned that this could take some or all machines offline and need physical intervention. When I typed the "no interface all lacp" this took down most computers on the switch and they did not come back on their own except a few.

        ProCurve Switch 2824# config
        ProCurve Switch 2824(config)#
        ProCurve Switch 2824(config)# no interface all lacp
        wr mem

    Disable port

    *Warning about port disable/enable is that I find some servers detect the uplink but will not work after being re-enabled without a network restart (eg. service network restart).

    The "8" represents port numbers. You can also do a range such as "8-15".

        config
        int ethernet 8
        disable

    ---------------------------

    Enable Port

    *Warning about port disable/enable is that I find some servers detect the uplink but will not work after being re-enabled without a network restart (eg. service network restart).

        config
        int ethernet 8
        enable

    ------------------------------------

    Check each port's bandwidth usage in mbit

    The "Util" field is how many mbit per second the port is doing. You need to base the % percentage off the port speed eg. 10, 100 or 1000 mbit.

        Port      Mode     | --------------------------- | ---------------------------
                           | Kbits/sec  Pkts/sec   Util  | Kbits/sec  Pkts/sec   Util
        --------- -------- + ---------- ---------- ----- + ---------- ---------- -----
        1         1000FDx  | 5016       15         00.50 | 5040       47         00.50
        2         1000FDx  | 0          0          0     | 0          0          0
        3         1000FDx  | 2536       0          00.25 | 5024       32         00.50
        4         1000FDx  | 12376      691        01.23 | 5352       448        00.53
        5         1000FDx  | 600        0          00.06 | 5024       32         00.50
        6         1000FDx  | 3960       0          00.39 | 5024       32         00.50
        7         1000FDx  | 5360       77         00.53 | 5344       112        00.53
        8         1000FDx  | 0          0          0     | 0          0          0
        9         1000FDx  | 2488       0          00.24 | 5024       32         00.50
        10        1000FDx  | 2536       0          00.25 | 5024       32         00.50
        11        1000FDx  | 2488       0          00.24 | 5024       32         00.50
        12        1000FDx  | 2472       0          00.24 | 5024       32         00.50
        13        1000FDx  | 0          0          0     | 0          0          0
        14        1000FDx  | 0          0          0     | 0          0          0
        15        1000FDx  | 0          0          0     | 0          0          0
        16        1000FDx  | 0          0          0     | 0          0          0
        17        1000FDx  | 0          0          0     | 0          0          0
        18        1000FDx  | 0          0          0     | 0          0          0
        19        1000FDx  | 5680       538        00.56 | 12760      784        01.27
        20        100HDx   | 0          0          0     | 520        32         00.52
        21        1000FDx  | 0          0          0     | 0          0          0
        22        1000FDx  | 0          0          0     | 0          0          0
        23        1000FDx  | 0          0          0     | 0          0          0
        24        1000FDx  | 0          0          0     | 0          0          0

    -------------------------------------------------------------

    Show What Port MAC Address Belongs To

        show mac 00:1F:D0:00:13:CC

        Status and Counters - Address Table - 001fd0-0013cc

          MAC Address : 001fd0-0013cc
          Located on Port : 8

    Show All MAC Addresses By Port

        show mac all

    If no MAC is displayed it means no device is connected or the device is not active or the port on the switch may be bad or disabled.

        Status and Counters - Port Address Table - 17

          MAC Address
          -------------

    show specific port mac

        show mac 10

    Set Mac Address Security:

        ProCurve Switch 2824(config)# port-security 1 learn-mode static

    The 1 above is the port number and then we are setting the learn mode. The learn mode options are:

        continuous            Continuous MAC address learn mode.
        static                Static MAC address learn mode.
        configured            Static MAC address configured mode.
        port-access           Learn port-access authorized MAC address only.
        limited-continuous    Limited continuous MAC address learn mode.

    Set how many MAC's are allowed to use the port:

        port-security 1 address-limit X

    Where x is the number of devices that are allowed to use the port.

    Add allowed MAC's like this:

        port-security 1 mac-address themacaddress

    Check port security settings of port:

        show port-security 1

        Port Security

          Port : 1
          Learn Mode [Continuous] : Static
          Address Limit [1] : 3
          Action [None] : Send Alarm

          Authorized Addresses
          --------------------
          deadbe-efbce8

    Check overall port status

    show interfaces is very useful for counting traffic and also identifying network issues

        Status and Counters - Port Status

                          | Intrusion                           MDI   Flow  Bcast
          Port  Type      | Alert     Enabled Status Mode       Mode  Ctrl  Limit
          ----- --------- + --------- ------- ------ ---------- ----- ----- ------
          1     100/1000T | No        Yes     Up     1000FDx    MDIX  off   0
          2     100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
          3     100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          4     100/1000T | No        Yes     Up     1000FDx    MDIX  off   0
          5     100/1000T | No        Yes     Up     1000FDx    MDIX  off   0
          6     100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          7     100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          8     100/1000T | No        No      Down   1000FDx    MDI   off   0
          9     100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          10    100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          11    100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          12    100/1000T | No        Yes     Up     1000FDx    MDI   off   0
          13    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
          14    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
          15    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
          16    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
          17    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
          18    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
          19    100/1000T | No        Yes     Up     1000FDx    MDIX  off   0
          20    100/1000T | No        Yes     Up     100HDx     MDIX  off   0
          21    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
          22    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
          23    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
          24    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0

    show interfaces gives you more detail

    Notice Port 7 showing 203 "Errors Rx". It was because of a bad cable and we wondered why that server had spotty connectivity.

        Status and Counters - Port Counters

                                                                     Flow  Bcast
          Port  Total Bytes  Total Frames Errors Rx    Drops Rx     Ctrl  Limit
          ----- ------------ ------------ ------------ ------------ ----- ------
          1     3,164,403... 2,285,255... 0            0            off   0
          2     457,687,164  2,150,118... 0            0            off   0
          3     3,716,409... 2,795,214... 14           0            off   0
          4     1,897,977... 2,207,705... 0            0            off   0
          5     626,012,466  3,843,597... 0            0            off   0
          6     2,628,057... 2,138,559... 0            0            off   0
          7     1,498,582... 476,790,025  0            0            off   0
          8     2,830,274... 1,696,622... 589          0            off   0
          9     1,573,201... 3,990,337... 0            0            off   0
          10    1,930,438... 2,808,292... 238          0            off   0
          11    3,137,823... 3,577,438... 1476         0            off   0
          12    2,363,525... 99,291,760   1102         0            off   0
          13    0            0            0            0            off   0
          14    0            0            0            0            off   0
          15    0            0            0            0            off   0
          16    0            0            0            0            off   0
          17    0            0            0            0            off   0
          18    0            0            0            0            off   0
          19    2,186,889... 2,963,434... 1            0            off   0
          20    530,240,341  746,865,357  581          0            off   0
          21    1866         7            2            0            off   0
          22    2288         7            2            0            off   0
          23    2246         7            2            0            off   0
          24    190,610      1821         2            0            off   0

    Password Issues/Requirements

    Note that these switches support a maximum of 16 characters. Spaces cannot be used, and it is not obvious if you have gone over the limit. So if you cannot log in after setting a password, type it out, count 16 characters, use only those, and you should be able to log in.

    If your password is lost/unknown you can reset just the password (not the switch settings) by holding the "Clear" button on the front of the switch for at least 1 second. Note again that this does not reset the switch config, only the password, when done this way.
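
    An added example (not part of the original guide) for the "LACP Problems" log symptoms earlier in this article: it parses "ports:" event lines and reports ports that were repeatedly blocked by LACP within a time window. The MM/DD/YY timestamp order, the one-hour window and the threshold of two blocks are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first six lines are taken from the log excerpt in the article; the two
# "port 3" lines are constructed to show a port that cycles without LACP.
SAMPLE_LOG = """\
I 01/02/90 01:41:36 ports: port 7 is Blocked by LACP
I 01/02/90 01:41:39 ports: port 7 is now on-line
I 01/02/90 01:45:23 ports: port 7 is now off-line
I 01/02/90 01:45:48 ports: port 7 is Blocked by LACP
I 01/02/90 01:45:51 ports: port 7 is now on-line
I 01/02/90 01:56:47 ports: port 7 is now off-line
I 01/02/90 02:10:00 ports: port 3 is now off-line
I 01/02/90 02:10:05 ports: port 3 is now on-line
"""

EVENT_RE = re.compile(
    r"^\w\s+(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+ports:\s+port (\S+) is "
    r"(Blocked by LACP|now on-line|now off-line)\s*$"
)


def parse_events(text):
    """Return (timestamp, port, state) tuples for recognised 'ports:' lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            # Assumption: the switch prints dates as MM/DD/YY.
            ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events


def lacp_flaps(events, min_blocks=2, window=timedelta(hours=1)):
    """Ports blocked by LACP at least min_blocks times inside any window."""
    per_port = defaultdict(lambda: {"blocks": [], "offline": 0})
    for ts, port, state in sorted(events):
        if state == "Blocked by LACP":
            per_port[port]["blocks"].append(ts)
        elif state == "now off-line":
            per_port[port]["offline"] += 1
    report = {}
    for port, info in per_port.items():
        blocks, start, worst = info["blocks"], 0, 0
        # Sliding window over the sorted block timestamps.
        for end, ts in enumerate(blocks):
            while ts - blocks[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= min_blocks:
            report[port] = {"max_blocks_in_window": worst,
                            "total_blocks": len(blocks),
                            "offline_events": info["offline"]}
    return report


if __name__ == "__main__":
    for port, stats in lacp_flaps(parse_events(SAMPLE_LOG)).items():
        print(f"port {port}: {stats}")
```

    A port reported here that is not meant to be part of a trunk is a candidate for having LACP disabled as described above.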
  • Windows Server 2012, 2016, 2019 How To Install and Missing Disabled Telnet Client


    By default telnet is not enabled or installed on the latest Windows servers, so you'll get an error saying:

        telnet is not recognized as an internal or external command

    To install the Telnet client:

        dism /online /Enable-Feature /FeatureName:TelnetClient
  • Cisco Switch Setup Guide Command List


    Enter configuration console:

        enable
        configure terminal

    This is important because if your console doesn't look like below none of the commands will work!

        Switch(config)#

    Save and Apply Settings

        wr

    Show Switch Configuration:

        show run

    Show Port List/Status:

        Switch#show interface status

        Port      Name   Status       Vlan   Duplex  Speed   Type
        Fa0/1            connected    1      a-full  a-100   10/100BaseTX
        Fa0/2            notconnect   1      auto    auto    10/100BaseTX
        Fa0/3            notconnect   1      auto    auto    10/100BaseTX
        Fa0/4            notconnect   1      auto    auto    10/100BaseTX
        Fa0/5            notconnect   1      auto    auto    10/100BaseTX
        Fa0/6            notconnect   1      auto    auto    10/100BaseTX
        Fa0/7            notconnect   1      auto    auto    10/100BaseTX
        Fa0/8            notconnect   1      auto    auto    10/100BaseTX
        Fa0/9            notconnect   1      auto    auto    10/100BaseTX
        Fa0/10           notconnect   1      auto    auto    10/100BaseTX
        Fa0/11           notconnect   1      auto    auto    10/100BaseTX
        Fa0/12           notconnect   1      auto    auto    10/100BaseTX
        Fa0/13           notconnect   1      auto    auto    10/100BaseTX
        Fa0/14           notconnect   1      auto    auto    10/100BaseTX
        Fa0/15           notconnect   1      auto    auto    10/100BaseTX
        Fa0/16           notconnect   1      auto    auto    10/100BaseTX
        Fa0/17           notconnect   1      auto    auto    10/100BaseTX
        Fa0/18           notconnect   1      auto    auto    10/100BaseTX
        Fa0/19           notconnect   1      auto    auto    10/100BaseTX
        Fa0/20           notconnect   1      auto    auto    10/100BaseTX
        Fa0/21           notconnect   1      auto    auto    10/100BaseTX
        Fa0/22           notconnect   1      auto    auto    10/100BaseTX
        Fa0/23           notconnect   1      auto    auto    10/100BaseTX
        Fa0/24           notconnect   1      auto    auto    10/100BaseTX
        Gi0/1            connected    1      a-full  a-1000  10/100/1000BaseTX
        Gi0/2            notconnect   1      auto    auto    Not Present

    Show config of individual port or vlan

    You could also have used "interface vlan 1" and you would get the config of the vlan.

        Switch#show running-config interface gi0/1
        Building configuration...

        Current configuration : 36 bytes
        !
        interface GigabitEthernet0/1
        end

    Create VLAN:

        Switch(config)#vlan 80
        Switch(config-vlan)#name realtechtalk.com

    Assign VLAN:

        Switch(config)#int fa0/19
        Switch(config-if)#switchport access vlan 80

    Show all VLANs:

        show vlan

        VLAN Name                             Status    Ports
        ---- -------------------------------- --------- -------------------------------
        1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                        Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                        Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                        Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                        Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                        Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                        Gi0/1, Gi0/2
        1002 fddi-default                     act/unsup
        1003 token-ring-default               act/unsup
        1004 fddinet-default                  act/unsup
        1005 trnet-default                    act/unsup

        VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
        ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
        1    enet  100001     1500  -      -      -        -    -        0      0
        1002 fddi  101002     1500  -      -      -        -    -        0      0
        1003 tr    101003     1500  -      -      -        -    -        0      0
        1004 fdnet 101004     1500  -      -      -        ieee -        0      0
        1005 trnet 101005     1500  -      -      -        ibm  -        0      0

    Show Specific VLAN

        show vlan id 1

    Configure interfaces

    100M Ethernet is normally known as fa0. So for port 1 you would use fa0/1:

        int fa0/1

    or

        int fastethernet0/1

    1Gig Ethernet is known as gigabitethernet or gi0:

        int gigabitethernet0/1

    or

        int gi0/1

    You can configure vlans in the same way:

        int vlan 1

    Working with a range of ports (example of ports 1-12)

        int range fa0/1-12

    Enable Port(s)

        int fa0/1
        no shutdown

    The no in front of shutdown means turn on the port (the opposite or !)

    How to Assign ports to vlan

    #how to assign ports to vlan, in this case it is ports 1-24 and they are being assigned to vlan 1

        Switch(config)#int range fa0/1-24
        Switch(config-if-range)#switchport access vlan 1

    Port Security

    Maximum MAC addresses/devices

    Where 8 below is the maximum number of MAC's:

        rtt(config)#int fa0/3
        rtt(config-if)#switchport port-security maximum 8

    To Disable MAC Limit

        rtt(config-if)#no switchport port-security maximum

    How To Disable Port Security On A Port

        no switchport port-security
        no switchport port-security violation protect
        no switchport port-security mac-address sticky
        no switchport mode access

    BPDU Guard

    This can be the source of a lot of pain for end users and network admins. To understand this, first let's talk about STP (Spanning Tree Protocol), which is designed to prevent routing loops that would otherwise kill a network. A routing loop could be something as simple as an ethernet cable that has both ends plugged into the same switch.

    STP works by exchanging BPDUs (Bridge Protocol Data Units), which are multicast messages that contain info like the source MAC, switch ID, originating switch port, and switch port priority. It then uses an algorithm based on the BPDU information to create an STA (Spanning Tree Algorithm) at the layer 2 level and will shut down a port if it is creating a loop.

    Now BPDU Guard in the world of Cisco just means that if it receives a BPDU it will shut down the port in errdisable. I say this is good in terms of keeping a network secure and running well, but a pain for end users who need to run a managed switch and for network admins who were unaware that BPDU was enabled.

    Check a port's settings and you may see this:

        rtt#show run int gi0/1
        Building configuration...

        Current configuration : 335 bytes
        !
        interface GigabitEthernet0/1
         switchport access vlan 999
         switchport mode access
         switchport port-security
         switchport port-security aging time 2
         switchport port-security violation restrict
         switchport port-security aging type inactivity
         macro description cisco-desktop
         spanning-tree portfast
         spanning-tree bpduguard enable
        end

    To disable bpduguard

        rtt(config-if)#spanning-tree bpduguard disable

    To enable bpduguard

        rtt(config-if)#spanning-tree bpduguard enable

    *Note you can also enable or disable BPDUguard globally by just being in conf t

        #enable by default
        rtt(config)#spanning-tree portfast bpduguard default

        #disable by default
        rtt(config)#no spanning-tree portfast bpduguard default

    How to assign IP to VLAN

    Choose your interface eg vlan 777

    Where below 10.25.20.2 is the IP and the netmask is 255.255.255.0:

        Switch(config-if)#ip address 10.25.20.2 255.255.255.0

    Assign the default gateway:

        Switch(config-if)#ip default-gateway 10.25.20.1

    How To Set Administrative "enable" mode Password

        Switch(config)#enable password realtechtalk.com

    DHCP Server Creation for VLAN

    Create VLAN and assign IP 10.25.2.2 and DFGW 10.25.2.1

        switch(config-if)#int vlan 1800
        switch(config-if)#ip address 10.25.2.2 255.255.255.0
        switch(config-if)#ip default-gateway 10.25.2.1

        #you could add Option 150 if this VLAN is for phones and you have a CUCM Server (specify the CUCM server IP)
        switch(dhcp-config)#option 150 ip 10.25.2.8

    Create DHCP Pool for VLAN 1800 range 10.25.2.0

    #to match the DHCP Pool to the VLAN we mention vlan1800 as the name of the pool below.

        switch(config)#ip dhcp pool vlan1800
        switch(dhcp-config)#network 10.25.2.0 255.255.255.0
        switch(dhcp-config)#dns-server 8.8.8.8 4.2.2.1
        switch(dhcp-config)#default-router 10.25.2.1

    Exclude Relevant Addresses

        switch(config)#ip dhcp excluded-address 10.25.2.1 10.25.2.2

    Enable SSH:

    First we need to generate keys for the SSH server, which takes a bit of time if you choose a decent key size:

        crypto key generate rsa

    A key size of anything less than 4096 is useless but some older routers or switches may only support 2048. 4096 on a 2960G takes forever for example.

        The name for the keys will be: rttkey
        Choose the size of the key modulus in the range of 360 to 4096 for your
          General Purpose Keys. Choosing a key modulus greater than 512 may take
          a few minutes.

        How many bits in the modulus [512]: 4096
        % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

    From enable mode, enable password encryption; otherwise if someone sees your config, they will see your raw password in unencrypted form:

        service password-encryption

    Create username and password:

        username rttuser password rttpassword

    Enter line vty 0 4, enable SSH and tell it to authenticate as a local user (eg. the one created above):

        line vty 0 4
        (config-line)# transport input ssh
        (config-line)# login local
        (config-line)# password 7
        (config-line)# exit

    Troubleshooting

    Why can't I ping or connect to my VLAN IP?

      * Make sure the VLAN that has the IP is assigned to a port
      * Make sure the IP address is correct and it has the appropriate default gateway if necessary
      * Make sure your client side machine has an IP on that subnet AND that you have a route to it through the right adapter (eg. in Linux ip route add 10.10.25.0/24 dev eth0)
        *Remember to specify the /24 or whatever mask you desire and the right device.
      * Is the port and VLAN in a noshut state?

    Cannot Set VLAN on port due to VTP errors:

        Switch(config-if)#switchport access vlan 1234
        % Access VLAN does not exist.
        Creating vlan 1234
        Switch(config-if)#
        *Mar 1 00:17:02.688: %PM-2-VLAN_ADD: Failed to add VLAN 1234 - VTP error.

    A quick and easy way is to turn off VTP, as VTP can pose a risk to production environments due to its ability to automatically delete VLANs.

        vtp mode off
        Setting device to VTP Off mode for VLANS.
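
    An added example (not part of the original guide) that audits a saved running-config for the password, SSH and BPDU Guard settings covered above. The sample config is constructed; the preference for "enable secret" and "username ... secret" (which store a hash rather than a cleartext or reversibly encoded password) is standard IOS behaviour and not something this guide states.

```python
# Constructed sample running-config (not from a real device). The user name
# and host name reuse placeholders from the guide; passwords are made up.
SAMPLE_CONFIG = """\
hostname rtt
enable password examplepass
username rttuser password examplepass
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
line vty 0 4
 login local
 transport input telnet ssh
!
end
"""


def parse_blocks(text):
    """Group an IOS-style config into (header, [indented child lines])."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit(text):
    """Return sorted (location, finding) tuples for the settings checked."""
    blocks = parse_blocks(text)
    findings = []
    if "service password-encryption" not in [h for h, _ in blocks]:
        findings.append(("global", "service password-encryption is not set"))
    for header, children in blocks:
        words = header.split()
        if words[:2] == ["enable", "password"]:
            findings.append(("global", "enable password used instead of enable secret"))
        if words[0] == "username" and "password" in words[2:]:
            findings.append((f"user {words[1]}", "username password used instead of username secret"))
        if words[:2] == ["line", "vty"]:
            # Exactly one "transport input ssh" line is the only accepted form.
            transport = [c.split()[2:] for c in children if c.startswith("transport input")]
            if transport != [["ssh"]]:
                findings.append((header, "transport input is not restricted to ssh"))
            if "login local" not in children:
                findings.append((header, "login local is not set"))
        if words[0] == "interface" and "spanning-tree portfast" in children:
            # An interface-level disable overrides the global bpduguard default.
            if "spanning-tree bpduguard disable" in children:
                findings.append((header, "portfast port has BPDU Guard disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```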
  • Cisco Router Password Reset Howto Guide Solution Cannot Login /Unknown Enable Password 2600, 2800, 2900, 3900


    It is common that you may get access to undocumented equipment and need to reset the password. This applies to many Cisco routers whether 2600, 2900, 3900 etc...

    Cisco's Guide says to hit Ctrl + Pause/Break, but it doesn't work on some devices, causing people to say "cisco password reset pause break does not work". You can see Cisco's alternative key combinations here:

    Step 1: Power Cycle The Router/Switch to enter rommon mode

    For Routers like 2900/3900 follow this guide to remove the CF disk first.

    Immediately and within 60 seconds hit Ctrl + Pause/Break repeatedly until you see the "rommon 1" prompt.

    If the image boots normally to the console, then you've hit the keys too late or maybe you need to check the alternative key combinations above.

    Type "confreg 0x2142" and then "reset". This will then give you root access without authentication.

    Step 2 - Wait for the reboot, load config and reset the password

    Once the image loads, make sure that you hit "no" to the "Would you like to enter the initial configuration dialog".

    Type "en" or "enable" to enter enable mode.

        copy start run

    Then hit "enter" to accept the default destination filename of "running-config".

    Now Reset Your Enable Password:

        conf t
        enable secret oursecretpassword

    Remember to save the current config:

        wr

    or

        copy run start

    If you need to reset the console password:

    This is wise to do as presumably you don't have access in any other mode at this point and if you exit enable mode you won't be able to re-enter if there is a password on the console.

    Be sure to do a "wr" or copy run start after this to save the changes.

    Step 3 - Reset config register

    In config mode you have to set the register back to 2102, otherwise the router will keep booting without the startup config.

        config-register 0x2102
  • Cisco Switch Howto Reset Password


    This was done on a 2900 but applies to all the switches of the same era.

    Step 1 - Power Cycle and enter recovery mode

    If you have physical access you can power cycle and hold the mode button down for 15 seconds. After that the SYS light will flash on the switch and you will see the following screenshot.

    If you don't have physical access (eg. it is a datacenter switch over console only) then power cycle and hit "Ctrl+Pause/Break" repeatedly once the power is on until you see the below.

    Step 2 - Disable startup config file

    Type:

        flash_init

    Type:

        dir flash:

    This shows us all of the files on the flash card; normally the startup file will be "config.text". We will be renaming it temporarily until we boot.

    Rename the config.text:

        rename flash:config.text flash:config.text.orig

    Step 3 - Boot

    Type:

        boot

    You will see output like this

    At this point you could just default the switch, but we want to reset the password and presumably look at the existing config and just reset the password for now.

    When it asks us if we want the initial configuration dialog? [yes/no]: Answer no

    Type:

        no

    Step 4 - Enter Enable Mode, Restore Config And Reset Password

    Enter enable mode

    Type:

        en

    Restore our config file:

    Type:

        rename flash:config.text.orig flash:config.text

    Set a new password of "realtechtalk.com" (obviously change to the password you want for security reasons).

    Type:

        enable secret realtechtalk.com

    Save The New Config/Password You Set

    Type:

        do wr