ASA doesn’t boot:

    Launching BootLoader...
    Default configuration file contains 1 entry.
    Searching / for images to boot.
    Loading /asa825-k8.bin... Booting...

Press ESC to interrupt boot:

    Use BREAK or ESC to interrupt boot.
    Use SPACE to begin boot immediately.

We’re now in rommon:

    rommon #0>

Check variables:

    rommon #3> set
    ROMMON Variable Settings:
      ADDRESS=0.0.0.0
      SERVER=0.0.0.0
      GATEWAY=0.0.0.0
      PORT=Ethernet0/0
      VLAN=untagged
      IMAGE=
      CONFIG=
      LINKTIMEOUT=20
      PKTTIMEOUT=4
      RETRY=20

Config network parameters.

    rommon #8>ADDRESS=10.0.10.77
    rommon #9>ADDRESS=10.0.10.77
    rommon #10>SERVER=10.


The Cyberspace, a.k.a. the Internet, is full of bad guys wanting to mess with our computers, right? Of course every one of us has a firewall configured with proper access and inspection rules, don’t ya? Spamhaus and Team Cymru can help by providing lists of known bad IPs and subnets that should be filtered in our networks. Spamhaus DROP list “DROP (Don’t Route Or Peer) and EDROP are advisory “drop all traffic” lists, consisting of netblocks that are “hijacked” or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).


Cisco Live 2016 Europe

Hi CLEUR! This year, for the fourth year in a row, I’ve attended Cisco Live Europe. I’ve earned the “Netvet” status, which means my name was on the wall before the keynote, ain’t that great? ;-) Aesthetics apart, this year’s event was the biggest I’ve attended so far, twelve thousand people in a huge venue (for European standards) and a lot of sessions available. Here’s my recap of the event.


With a good amount of surprise I’ve been nominated Cisco Champion for 2016: “Because of your impactful and valuable contributions to the IT community, you have been chosen out of hundreds of nominees to be part of the 2016 Cisco Champion program. Congratulations!” Cisco Champion resources: Communities, Twitter list


Scripts, usually I write some because I don’t like repetitive tasks and I’m lazy, meaning I prefer automation over useless hard work. Don’t know where I found this quote but I like it: “Don't spend your time doing work a well-trained monkey could do.” Today’s request was quite simple: get model and serial number from a bunch of Cisco switches. I know NEDI, Observium and LibreNMS can do that but I preferred to write a quick script I could use as a one-shot tool instead of a complete software solution.


IP addressing design is a topic that follows every networker from the basic to the architect level of experience. Usually we just pick a random range from RFC1918 and address all the devices. But then VPN happens, and with VPN comes the risk of overlapping. How do we fix overlapping? With NAT of course! In this post I’ll show how to use twice NAT to allow VPN connections with overlapping addresses.


Platform: CISCO2921
IOS version: 15.3(3)M5

Load the anyconnect package on the flash of the router and configure anyconnect client package (be patient, this may take a while…):

    crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.1.04011-k9.pkg sequence 1
    SSLVPN Package SSL-VPN-Client (seq:1): installed successfully

Create a virtual template, that’s the interface the VPN clients will attach to:

    interface Virtual-Template1
     ip address 172.31.255.254 255.255.255.0

Create a local pool to assign IP addresses to VPN clients:


Meraki CMNA

Today I’ve attended a Meraki technical training course at Cisco offices. The training was organized in short presentations of product features followed by hands-on labs based on all the products available today. I was surprised to find not only people from small companies or system integrators but more than 50% of the attendees were from Cisco Gold Partners sent to evaluate the products for “managed network” services. Cloud managed network gear is quite a hot topic today and I expect many projects in the future will involve this kind of solution.


This week I attended a two-day training on Cisco DCINX9K. The training is focused on Cisco Nexus 9000 switches in NX-OS mode. NX9K can run two different software images, the full ACI image with all the cool SDN stuff and the traditional NX-OS image with some cool features like Python, REST API, VXLAN and more. Now it’s time to improve my Python skills and borrow a couple of boxes to do some labs.


MTU

Today I had a chat about MTU with a customer. MTU is my second favorite topic for tech talks in front of the coffee machine, STP is still the first because there are so many misconceptions about it. Even QoS is funny, people have many creative ideas and expectations from it. Let’s talk about MTU. Everything began today from a ping (it’s Italian in the screenshot, but you know the output by heart, right?


A few days ago a customer called, worried by the flow control counters increasing on his Cisco 4510 switch; he just sent me this asking for an explanation:

    CORE_4510#show interfaces flowcontrol
    Port       Send FlowControl  Receive FlowControl  RxPause TxPause
               admin    oper     admin    oper
    ---------  -------- -------- -------- --------    ------- -------
    Gi1/1      on       on       desired  on          28972   107274064
    Gi1/2      on       on       desired  on          9494    111534
    Gi1/3      on       on       desired  on          32580   1406178
    Gi1/4      on       on       desired  on          1278    84112
    .


Some time ago I installed the new core switches for a customer: a couple of Nexus 7000, a couple of 5000 and twelve Nexus 2232TM, Virtual port channels, VLANs, Radius auth and so on... all the usual configs a good network engineer does. Since the Nexus 5000 are connected to an iSCSI storage I’ve configured Jumbo frames. Customer called complaining that MTU isn’t correctly set and I must fix it.



ifconfig.it

Where the vNic meets the SDN

Network Engineer

Italy