23 Apr

Secret changes in Cisco documentation (follow up on “No EIGRP neighbor authentication on ASR9K” post)

I received a comment from Pushpasis Sarkar from Cisco on my previous post about the lack of EIGRP authentication on ASR9k. It made me wonder whether I missed something during deployment. I remember we were testing it hard in the lab, and the documentation stated clearly that it’s not supported. I’m pretty sure, but not 100%, that we were testing key chains both with and without a defined lifetime and cryptographic-algorithm, because we were having some issues with IS-IS and key chains too. And it never worked.

20 Mar

IPv6 only segments not really working (mostly)

I’ve been playing a little with IPv6 while I was preparing the WLAN infrastructure for the PLNOG 6 conference in Warsaw last week. Here are a few discoveries:
1) Most operating systems (including the latest Windows and MacOS X) do not like it when the network is IPv6-only. All of the systems reported limited network access, even though they had Internet access via the IPv6 network.
2) Most operating systems were having problems acquiring DNS server information via DHCPv6. MacOS X does not support DHCPv6 at all; Windows, especially when additional antivirus or firewall software was present, wouldn’t work with DHCPv6 either.
3) We really need stateful NAT64 on routers. On ASR1000 stateless NAT64 is available, but it does not solve the problem of the lack of IPv4 addresses. Stateful NAT64 is expected in Q2 or Q3 this year. NAT-PT on ISR routers is not really a solution because you have to disable CEF for IPv6 to make it work.

12 Mar

Enabling IPv6 passthrough on WLC

A wireless network in a controller-based environment is a good place to start playing with IPv6. You can create a separate VLAN and SSID to provide IPv6 service within the network. Cisco wireless devices cannot be configured with IPv6 intelligence yet, therefore you can’t assign an IPv6 address to an access point or BVI interface if needed, nor provide any security features. But they can pass IPv6 traffic between IPv6-aware routers and client devices.

By default, stand-alone access points pass IPv6 traffic, so no additional configuration is needed as long as the routers where the particular VLAN is terminated are properly configured. On Wireless LAN Controllers, IPv6 pass-through has to be enabled for the particular WLAN.

IPv6 support can be enabled in the Advanced tab of the WLAN configuration on the controller. But, for some unknown reason, this feature is not available on WLC series 2000, 2100 and NME-WLC, even though it’s visible on the configuration panel. Also, 7.0 firmware is recommended.

20 Feb

NME-AIR-WLC on the same subnet as router

I was playing a little with the Wireless LAN Controller (WLC) on the NME module dedicated to Cisco ISR and ISR G2 routers. In all configuration guides at cisco.com you are advised to create a subnet for management and ap-manager and distribute it over your LAN. This is not always a good solution, and you might want to have at least management on the same subnet from which you manage all of your devices. It is possible and easy.

12 Feb

Bits or bytes – Cisco, you should know that!

Let’s look at the output of the boot process of a Cisco 3925 router:

System Bootstrap, Version 15.0(1r)M8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2010 by cisco Systems, Inc.

Total memory size = 1024 MB - DIMM0 = 512 MB, DIMM1 = 512 MB
Field Upgradeable ROMMON Integrity test 
_______________________________________ 
ROM: Digitally Signed Release Software
CISCO3925-CHASSIS with C3900-SPE100/K9 with 1048576 Kbytes of main memory
Main memory is configured to 72/72(dimm 0/1) bit mode with ECC enabled

Upgrade ROMMON initialized
program load complete, entry point: 0x4000000, size: 0x18fa0
program load complete, entry point: 0x4000000, size: 0x18fa0


IOS Image Load Test 
___________________ 
Digitally Signed Release Software 
program load complete, entry point: 0x4000000, size: 0x34b73a0
Self decompressing the image : ####################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################### [OK]

Smart Init is enabled
smart init is sizing iomem
                 TYPE      MEMORY_REQ
          HWIC Slot 0      0x00200000
          HWIC Slot 1      0x00200000
               PVDM 0      0x00200000
               PVDM 1      0x00200000
            SM Slot 1      0x00600000
           OIR memory      0x00600000
    Onboard devices &
         buffer pools      0x0230F000 
-----------------------------------------------
               TOTAL:      0x0370F000

Rounded IOMEM up to: 56Mb.
Using 5 percent iomem. [56Mb/1024Mb]

OK, Cisco developers, you should know the difference between megabytes [MB] and megabits [Mb], right? Doesn’t seem so :/

I looked deeper to see whether this “typo” is made only in the bootup messages. Unfortunately not.

C3925-WLC-pwo#show memory statistics 
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   11A4B8E4   769345308    28055316   741289992   719013612   683698364
      I/O   3C800000    58720256    19334640    39385616    39382912    39381980

The output of this command suggests that the measurement is made in bits, not bytes, but we all know what units are used. It’s not that we don’t know how to read outputs; it’s just that a networking company such as Cisco should take care to use proper units in its outputs.

01 Feb

WAAS Express on ISR G2

WAAS (Wide Area Application Services) was introduced to the market a few years ago. It was used to increase the performance of low-bandwidth links with high delay or jitter. The main disadvantage of this solution was that it required at least 3 components: a central manager and two accelerators, which could be external or a router module. But it was an all-hardware solution. With WAAS Express, introduced in IOS 15.1(2)T, some form of acceleration can be provided in software.

03 Dec

Monitoring CPU usage over SNMP in IOS XR

SNMP on IOS XR is not documented at all right now, in my opinion. Of course IOS XR supports the standard base of MIBs, but if you want to monitor something platform-specific it’s hard to guess which MIB you should use. SNMP Object Navigator on cisco.com does not yet know there is such a thing as IOS XR or NX-OS.
I got this information from a Cisco representative and I’m putting it here so you can use it too. I had to implement CPU usage monitoring on IOS XR for my customer, but unfortunately the standard MIBs were not working. On IOS XR you have to use cpmCPUTotalTable, defined in CISCO-PROCESS-MIB:

  cpmCPUTotalIndex          .1.3.6.1.4.1.9.9.109.1.1.1.1.1
  cpmCPUTotalPhysicalIndex  .1.3.6.1.4.1.9.9.109.1.1.1.1.2
  cpmCPUTotal1minRev        .1.3.6.1.4.1.9.9.109.1.1.1.1.7
  cpmCPUTotal5minRev        .1.3.6.1.4.1.9.9.109.1.1.1.1.8

cpmCPUTotalIndex is a unique value that identifies each CPU, but it is not a fixed value. You then need to look up the entity whose entPhysicalIndex equals cpmCPUTotalPhysicalIndex.

Update: Same MIBs can be used to monitor supervisor usage on Nexus 7000
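
The lookup described above, as an added example that is not part of the original post: it joins cpmCPUTotalTable rows to entity names so that a monitoring check is keyed on the module rather than on the non-fixed cpmCPUTotalIndex. The walk output is a constructed sample, and the use of entPhysicalName (ENTITY-MIB, .1.3.6.1.2.1.47.1.1.1.1.7) as the label is an assumption.

```python
import re

# Columns of cpmCPUTotalTable (CISCO-PROCESS-MIB), OIDs as listed in the post.
CPM_PHYS_INDEX = ".1.3.6.1.4.1.9.9.109.1.1.1.1.2"
CPM_1MIN_REV = ".1.3.6.1.4.1.9.9.109.1.1.1.1.7"
CPM_5MIN_REV = ".1.3.6.1.4.1.9.9.109.1.1.1.1.8"
# Assumption (not in the post): entPhysicalName from the standard ENTITY-MIB.
ENT_PHYS_NAME = ".1.3.6.1.2.1.47.1.1.1.1.7"
COLUMNS = (CPM_PHYS_INDEX, CPM_1MIN_REV, CPM_5MIN_REV, ENT_PHYS_NAME)

# Constructed sample in numeric snmpwalk style; not captured from a real device.
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.109.1.1.1.1.2.2 = INTEGER: 24
.1.3.6.1.4.1.9.9.109.1.1.1.1.2.18 = INTEGER: 4102
.1.3.6.1.4.1.9.9.109.1.1.1.1.7.2 = Gauge32: 12
.1.3.6.1.4.1.9.9.109.1.1.1.1.7.18 = Gauge32: 47
.1.3.6.1.4.1.9.9.109.1.1.1.1.8.2 = Gauge32: 9
.1.3.6.1.4.1.9.9.109.1.1.1.1.8.18 = Gauge32: 51
.1.3.6.1.2.1.47.1.1.1.1.7.24 = STRING: "module 0/RSP0/CPU0"
"""

LINE_RE = re.compile(r'^(\.[\d.]+) = \w+: "?(.*?)"?$')


def parse_walk(text):
    """Return {column_oid: {row_index: value}} for the columns of interest."""
    table = {base: {} for base in COLUMNS}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not "OID = TYPE: value"
        oid, value = match.groups()
        for base in COLUMNS:
            if oid.startswith(base + "."):
                table[base][int(oid[len(base) + 1:])] = value
    return table


def cpu_by_entity(text):
    """Join CPU rows to entity names via cpmCPUTotalPhysicalIndex == entPhysicalIndex."""
    table = parse_walk(text)
    report = {}
    for cpu_idx, phys in table[CPM_PHYS_INDEX].items():
        # Fall back to the raw index when the entity table has no matching row.
        label = table[ENT_PHYS_NAME].get(int(phys), f"entPhysicalIndex {phys}")
        report[label] = {
            "cpu_1min": int(table[CPM_1MIN_REV][cpu_idx]),
            "cpu_5min": int(table[CPM_5MIN_REV][cpu_idx]),
        }
    return report
```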