Finding a Host’s Switchport

In this post I will demonstrate how we can find out which of SW3’s switchports PC1 is connected to in the topology diagram below. To make things more fun though I’ll begin my search from R1.

Note that apart from R1 and PC1’s IP addresses, we neither have nor need any other information, such as intermediate device IPs or port numbers, in order to get started. Also note that the diagram is only used to show you, the reader, what the topology looks like. As explained below, when doing this in a real topology you do not need a topology diagram to be able to successfully locate the host’s corresponding switchport.

[Topology diagram]

How to Land your Dream Job

I have been very lucky in my career to date. Over the years I have been given the privilege of working in some great roles which I have thoroughly enjoyed. But perhaps it’s not luck which has helped me get these roles? In this blog post I’ll explain my attitudes towards work in the hope that it helps you land your dream job too.

While the traits below may seem unrelated at first, they’re actually very tightly related, as you will see by the end of this post.

Honesty

As the saying goes, “Honesty is the best policy”. Whether you’re in a job interview, talking to peers, chatting to your boss, always be honest. As another saying goes, “Trust takes years to build and seconds to break”. If you get caught lying in a job interview you can pretty much guarantee that you won’t be getting an offer. If you get caught lying to peers or superiors, your credibility will take a hit which you may never recover from.

Everyone respects honesty. It shows integrity and proves your trustworthiness.

Passion

Be passionate about what you do. You spend most of your life at work so make sure you’re doing something you enjoy. After all, to use another saying, “If you do what you love, you’ll never work a day in your life”.


MTU Vs MSS – Part Two

A little while back I posted an entry called MTU Vs MSS – Part One. At the time the plan was to follow it up with Part Two a short time later, however, here it comes over a year late :) I do apologise for that.

What prompted me to get back to writing Part Two was an e-mail from a reader who asked how I came to the conclusion that using the “ip tcp adjust-mss” command affects a SYN packet’s MSS regardless of whether it is applied to the inbound or outbound interface. The reader also asked if I have any links to documentation that describes this. The way in which I came to the conclusion was by labbing it up. Unfortunately though I do not have any documentation that backs me up.

This blog post will demonstrate the lab I used to come to the above conclusion.

Here is the topology that I used. I have marked each link with a letter to mark the points at which the following packet captures were done. (Note that PC1 and PC2 are GNS3 routers with their icons changed.)

[Topology diagram]

Virtual Equipment + Physical Equipment = Big Lab

I have posted a few entries covering GNS3 and how you can use it to help you with your studies. And, in Connecting Your PC to Your Virtual GNS3 Routers, I showed you how it was possible to break your GNS3 routers out of the Virtual world and bring them into the Physical world. In this post, I aim to show you how I used this technique in my lab to give me a rather nice setup.

Figure 1 shows the equipment I own at the time of writing. I don’t really use the 2610 as GNS3 fulfills all of my router needs. I do use the 2509 though as a console router for the rest of my equipment.

Figure 1


New PC – Nexus 1000V here I come!

As per my previous post, I have been in the market for a new PC for a little while now and have finally made a purchase. The specs can be found below.

CPU: Intel Core i7 3770
GPU: Sapphire Radeon HD7850 2GB OC V2
Mobo: ASRock Z77 Extreme6 Motherboard
RAM: G.Skill Ares F3-1600C10D-16GAO 16GB (2x8GB) DDR3
Case: CoolerMaster HAF 912 Advanced
PSU: Antec High Current Gamer 520W Power Supply HCG-520
HDD1: Samsung 830 Series 128GB SSD
HDD2: Samsung 830 Series 128GB SSD
HDD3: Seagate Barracuda 2TB ST2000DM001
ODD: Samsung SH-224BB/BEBS SATA DVDRW Drive OEM
Screen: 27″ Acer V273HL FHD LED Backlight Monitor


Download & Install Nexus 1000v For Free!

Cisco has recently announced that the Nexus 1000v can be downloaded and installed free of charge. This is great news for those of us who use VMware products, and especially great news for those of us who have home labs and can’t afford to spend large sums of money on licences.

Using this excellent guide, you will be able to build an entire virtualised setup from the ground up in no time at all.

However, if you’re like me and your PCs are 7+ years old, it is time to upgrade. I’ve been doing a bit of research, and this is what I have come up with so far:

CPU: i7 3770k
Mobo: Asrock Z77 Pro4
GPU: Gigabyte AMD Radeon HD7850 OC 2GB GV-R785OC-2GD
RAM: G.Skill Ares 16GB (2x8GB) DDR3-1600
SSD: Plextor M5S 256GB
HDD1: Seagate Barracuda 2TB (ST2000DM001)
PSU: Antec High Current Gamer 520W
ODD: DVD burner


MTU Vs MSS – Part One

Have you ever seen the below configuration and wondered what these commands do? And why the MSS value always seems to be 40 bytes lower than the MTU?

interface Dialer1
 ip mtu 1440
 ip tcp adjust-mss 1400

Well, over the course of my next couple of blog entries, I plan to tell you all about them.

From my countless number of Google searches, the best information I could find was:

  • TCP MSS operates at Layer 4. It is 40 bytes lower than the IP MTU as it does not take headers into consideration (20 byte IP and 20 byte TCP).
  • IP MTU operates at Layer 3. It is the maximum size a packet can be before it needs to be fragmented (or dropped if the df-bit is set).
  • Ethernet MTU (Layer 2) – 1500 bytes, excluding the header and trailer.

This is good information, but it doesn’t tell you why you need to set both the MSS and the MTU.


GNS3 Duplex Mismatch Messages

When Cisco devices are connected to one another and CDP is enabled (which it is by default), if one port is configured as full duplex but the other is configured as half duplex, the two devices will log “duplex mismatch” messages.

This can be very helpful in the real world. However, when using GNS3 these messages can appear for no reason at all, and they will constantly reappear, over and over again. Things get worse when you’ve got one router connected to two others, as was the case in the example below:

01:43:20.579: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:43:20.911: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:44:20.839: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:45:20.567: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:45:20.971: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:46:20.607: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:46:20.935: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).
01:47:20.579: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R1 FastEthernet0/0 (half duplex).
01:47:20.983: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/1 (not half duplex), with R2 FastEthernet0/0 (half duplex).


URL Redirects using NAT

In my previous post, Router URL Filtering using NBAR, I explained how it was possible to block users from accessing websites simply by using NBAR, a class-map and a policy-map.

In this post I’ll describe how you can redirect your users’ web requests instead of simply blocking them. This time we’ll use NAT instead of NBAR.

For this example, let’s say you’d prefer everyone on your network to use Google instead of Yahoo, so every time someone goes to Yahoo.com, they’ll be redirected to Google.com.au.

To do this, you’ll need to obtain the web server IP addresses for both Yahoo and Google. This can be done easily enough with a ping:

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Pinging google.com.au [74.125.237.51] with 32 bytes of data:


The “do” Command

Don’t you just hate it when you’re in the middle of implementing a new configuration but then decide you’d like to issue a “show” or “ping” command, so you drop down to privileged EXEC mode? For example:

You could always use “Control” + “Z”, however, you still lose your current “spot” in your configuration hierarchy. In the example above, in order to get back to your original configuration mode, you’d need to issue the following commands:

If you need to do this several times, for example, to test ping connectivity, it can be quite time consuming. To save time you could employ the use of the “do ping” command, as per the example below:
