
General Stuff

Default Logins and Passwords for Networked Devices is quite useful.

Cisco Stuff

I've got enough certifications to be certifiable and picked up both CCDP and CCNP along the way - I've opted to let them lapse. I passed the CCIE Routing & Switching Prometric exam back in 1998 and decided not to take the lab portion of the exam to remain a little vendor neutral 8). Cisco charges a premium for their routers and I don't see the price/performance value - particularly since IOS and PIX source code ended up for sale on the Internet last year! I started using Cisco routers in 1994 and PIXes in 1999 (once PIXOS 5 came out and all the ugly conduit statements could be replaced with access lists).

For those maintaining up-to-date access lists to block RFC 3330 and 1918 address spaces, check the Cymru Bogon List that is well maintained with the latest information.
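One way to keep such an access list current is to generate it from a prefix feed rather than hand-editing wildcard masks. The script below is an added example, not part of the original page; the sample feed is constructed, and the ACL name `BOGONS-IN` and function names are hypothetical.

```python
import ipaddress

# Constructed sample input: a few RFC 1918 / RFC 3330 special-use prefixes in
# one-CIDR-per-line form, plus an overlapping entry and a malformed line.
SAMPLE_FEED = """\
# constructed sample, not a copy of any published list
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
192.168.1.0/24
127.0.0.0/8
169.254.0.0/16
192.0.2.0/24
not-a-prefix
"""

def parse_feed(text):
    """Return (collapsed IPv4 networks, rejected lines) from a prefix feed."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=True refuses entries with host bits set (e.g. 10.0.0.1/8)
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)  # keep for review instead of guessing
    # Merge overlapping/adjacent prefixes so the ACL stays as short as possible
    return list(ipaddress.collapse_addresses(nets)), rejected

def ios_acl(nets, name="BOGONS-IN"):
    """Render a named extended IOS ACL; the wildcard mask is the inverted netmask."""
    lines = [f"ip access-list extended {name}"]
    for net in nets:
        lines.append(f" deny ip {net.network_address} {net.hostmask} any log")
    lines.append(" permit ip any any")  # without this the implicit deny drops everything
    return lines

if __name__ == "__main__":
    networks, bad = parse_feed(SAMPLE_FEED)
    print("\n".join(ios_acl(networks)))
    for entry in bad:
        print(f"! rejected feed entry: {entry}")
```

Review the rejected entries and the rendered ACL before applying it, since a feed that is stale or truncated changes what the edge router drops.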

Useful Cisco command summary

If you are confused about the Cisco switching product line take a look at my Cisco switch model summary.

Another good thing to know is the command line interface (CLI) shortcuts.

Network-based application recognition (NBAR) is great for gathering information on what data is traversing Cisco routers. Cisco no longer offers QoS Device Manager (qdm.tar) for download and it is not "officially supported", but it works well on 1700/2600/3600/3700/7200 series routers and, if you can find it, displays nice graphics of the data collected by NBAR. You can also set up MRTG to graph NBAR statistics.

I get confused by all the different fiber transceiver connectors. Here's a basic rundown of the possibilities:

SC - old school connector used on Cisco GBICs
SFP - new / smaller connector (also known as MTRJ) that is all the rage on most vendor switch offerings for GB Ethernet today. Similar to SC but ~ 1/2 the size.
ST - older school connector used on 10BaseFL. ST cables have metal twist connectors at each end and they attach to silver lugs on the device.

Terminal servers are great for managing a bunch of Cisco gear out of band. See my async line numbering tips if this is of interest.

Cisco www links

Cisco Console Server Connections Guide - great for building your own connectors and learning all the ins and outs of out of band management.

Configuring Network Security ACLs

Cisco PIX System Log Messages

Firegen for PIX log analyzer

fwanalog is a nice shell script for parsing and summarizing firewall logfiles.

Summary of Cisco Acquisitions - No need to wonder how there are 7+ IOS dialects after looking at this one!

PIXie Cisco PIX log analysis tool

Configuration Examples Related to VLAN Features

Extreme Networks Stuff

I decided to move away from Cisco Ethernet switches in November 2004. Based on a number of factors, I chose Extreme Networks. Thus far I have one baby core Summit 400 Layer2/Layer3 48-port 10/100/1000 box and plan on deploying either a chassis or multiple Layer 2 48x10/100 switches next year.

I have a lot of experience with Cisco Catalyst switches (from 1900 - 6509) and decided it was better to stop trying to remember ~6 different command syntaxes and move on to something more uniform, logical and that has a decent GUI for management.

The Summit 400 works great with SNMP trend monitoring via MRTG. I am in the process of putting together a command cross reference for Extreme and Cisco CLIs.

Here is a basic Layer 2 configuration for the Summit 400. I initially set mine up this way before implementing Layer 3 functionality.

Juniper Stuff

With the new J series routers, I've decided to move away from Cisco for edge devices (I'd do the same at the core if I needed the horsepower Juniper offers) since the vast majority of what I do does not involve VOIP and other sorts of proprietary features. Juniper has a more modern OS without all the legacy baggage present in the bloated Cisco IOS. I've also deployed Juniper's SSL VPN and firewall products. So far I've got few complaints with Juniper for firewall, router or SSL VPN. Support is a bit different in that you don't have access to all their products (like on Cisco CCO) but generally I've found them to be quite responsive and on the ball.

During the past 3 years (~2001-2004) frequently when I called Cisco support, the techs read from torturous help desk troubleshooting scripts or put me on hold to "ask their supervisor". Nowhere near the same level of support that I got from Cisco in the '90s.

Cisco / Juniper Commands

ScreenOS hidden commands

ScreenOS does not log denied/dropped traffic by default. From the CLI, type:
set policy from untrust to global any any any deny log

ScreenOS traffic log and event log buffer sizes for all Juniper firewall products.

If you are attempting to upgrade a Juniper/Netscreen firewall from the Web GUI and receive an error message such as "The uploaded file cannot be recognized as a valid software image file. Please double-check with your supplier", you need to perform the upgrade via the CLI:

Back up your existing software with:
exec save software from flash to tftp 192.168.0.1 nsMODELNO_REVNO

Copy the new software via tftp:
exec save software from tftp 192.168.3.1 ns????????? to flash

NOTE: tftp is the most reliable method for upgrading devices. Using the Web GUI to upgrade can in rare instances corrupt flash.

