Visio Tips (16 of 30)

Posted by on October 28, 2014 No comments

A diagram software, is a must for a network engineer, and most of us use are probably using Microsoft Visio. Like most of my content, these topics have been covered before, (e.g. PacketLife and PacketPushers,) but I think there have been a few things not covered already, so here are a few tips.

There is a TLDR version below, so if you are impatient, skip ahead.

The biggest time saver to have is to know your short cuts. I find it painful to watch other’s right click then “bring to front” or right click “send to back.”… Read more

Configs Templates Take 1 (15 of 30)

Posted by on October 27, 2014 No comments

I have developed several config template systems over the years, so I wanted to write a tutorial on some of the things I have done. This first tutorial is not much more than going over HTML::Template cpan module, and having an input form, with a short demo and providing the script. As I build on each one, it will get more and more complicated. You can see a much more in depth coverage at packetlife, but this is meant to be much more step-by-step.… Read more

Cisco Symmetrical Script (14 of 30)

Posted by on October 26, 2014 No comments

A while ago I had written a script that would logon to Cisco devices, run a traceroute from IP-A to IP-B then do the same for IP-B to IP-A. It would then query each hop with snmp and see if they worked out to be the same path. If it wasn’t, it would show you the differences.

I have put it up on github.

Update the below with your personal configurations

my $snmp = ‘snmp_read’;

my $ios_username = ‘ios_username’;
my $ios_password = ‘ios_password’;
my $ios_enable_password = ‘enable_password’;

Then you can run the script via cli, or send an html form to the script.… Read more

MTU 1524 on GRE Tunnels (13 of 30)

Posted by on October 25, 2014 No comments

When I first came across this configuration I was confused as to how it was handling either UDP packets of 1500 bytes or TCP packets where PMTUD failed, as either an ICMP issue, or an issue where TCP did not correctly address PMTUD issues.

interface Tunnel10
ip address 10.100.100.1 255.255.255.252
ip mtu 1524
ip tcp adjust-mss 1352
tunnel source Loopback1
tunnel destination 10.10.10.10

The traditional method for fixing this issue would be to clear the df bit, set the MSS as you would normally, and lower the MTU.… Read more

Client VPN IP Overlap (12 of 30)

Posted by on October 25, 2014 2 comments

I am surprised that not more vendors have solved this issue. You will often see solutions for where the user’s IP space overlaps with the client pool given out, e.g here, here and here.

An example would be client pool is 10.10.0.0/16 and the hotel network you are on it 10.10.0.0/22. The most common solution given is to create a separate profile with a different ip pool.

However, there is another similar issue, that even though haven’t seen to often, is still a concern.… Read more

Filter Incomplete Sessions on Palo Alto Firewalls (11 of 30)

Posted by on October 24, 2014 No comments

A short tip today.

Here is a quick way to filer out in your logs packets that were never established (e.g. syn, but no syn/ack.)

(bytes_received geq 1) and (bytes_sent geq 1)

Of course if you are only getting a syn and not a syn/ack, the IP should probably be closed off all together, but you may have some situations where this is to be expected.

 … Read more

Text Tools take 2 (10 of 30)

Posted by on October 23, 2014 No comments

If you missed my first post on Text Tools, you can find it here, where you can also read my full disclaimer. In that example, you replace multiple items in one config, in this example you have a few variables for highly repeatable configs. Think you have a bunch of interfaces and the only thing that changes is interface, vlan, and description.

Go to http://itdependsnetworks.com/text_tools.php, and fill the left side with your variable replacements, and the right side with the repeatable configs.… Read more