MPLS Circuit Troubleshooting

In this scenario we are asked to validate a flapping interface.  

1] Find the serial interface and verify that it is up/up

    attga43c3#sho ip int br | include 10.112.210.45

        Serial9/1/1/20:0       10.112.210.45   YES manual up

2] Display the interface and note the errors

    attga43c3#sho int s9/1/1/20:0

        Serial9/1/1/20:0 is up, line protocol is up
          Hardware is cyBus 2CT3+
          Description: MNX | MYHOME SERVICES | MYHOUSE | GA | DHEC.123456..ATI | 23853 | 1305937 | 1364629 | USA | MIS |
          Internet address is 10.112.210.45/30
          MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec, rely 255/255, load 1/255
          Encapsulation PPP, crc 16, loopback not set
          Keepalive set (10 sec)
          LCP Open
          Listen: CDPCP
          Open: IPCP
          Last input 00:00:05, output 00:00:05, output hang never
          Last clearing of "show interface" counters never
          Input queue: 0/1000/0/0 (size/max/drops/flushes); Total output drops: 5
          Queueing strategy: VIP-based fair queuing
          5 minute input rate 0 bits/sec, 0 packets/sec
          5 minute output rate 0 bits/sec, 0 packets/sec
             6534487 packets input, 3035189030 bytes, 0 no buffer
             Received 0 broadcasts, 0 runts, 1 giants, 0 throttles
             116987 input errors, 7228 CRC, 51274 frame, 0 overrun, 0 ignored, 58484 abort
             5877595 packets output, 2144676741 bytes, 0 underruns
             0 output errors, 0 collisions, 170 interface resets
             0 output buffer failures, 0 output buffers swapped out
             166 carrier transitions no alarm present
          Timeslot(s) Used: 1-24, Transmitter delay is 0 flags, transmit queue length 5
          non-inverted data

3] Find the VRF and ping the VRF interface.

    attga43c3#sho ip vrf interface | include 10.112.210.45

        Serial9/1/1/20:0       12.112.210.45   1612 <— VRF

4] Run an extended Ping to the VRF

    Router3#ping vrf 1612   

        Protocol [ip]:
        Target IP address: 10.112.210.46
        Repeat count [5]: 5000
        Datagram size [100]: 1500
        Timeout in seconds [2]: 1
        Extended commands [n]:
        Sweep range of sizes [n]:
        Type escape sequence to abort.
        Sending 5000, 1500-byte ICMP Echos to 10.112.210.46, timeout is 1 seconds:
        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

In the above ping I wanted to really hammer the heck out of the circuit. In this example we see that the circuit is clocking massive input errors and no output errors. Instead of writing what I did to correct this, I'm going to leave this post open for readers to comment on what they think I did. Note the bold errors and the circuit type.
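As an added example that is not part of the original post, here is a Python script that reads the 'show interface' counters above and flags the two problems this circuit shows, a bouncing carrier and a high input error ratio; the two thresholds are assumptions chosen for the example.

```python
import re

# Constructed sample: the relevant lines of the 'show interface' output above.
SAMPLE_SHOW_INT = """\
Serial9/1/1/20:0 is up, line protocol is up
     6534487 packets input, 3035189030 bytes, 0 no buffer
     116987 input errors, 7228 CRC, 51274 frame, 0 overrun, 0 ignored, 58484 abort
     0 output errors, 0 collisions, 170 interface resets
     166 carrier transitions no alarm present
"""

# Counter name -> regex capturing its value in IOS 'show interface' text.
COUNTER_PATTERNS = {
    "packets_input": r"(\d+) packets input",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "frame": r"(\d+) frame",
    "abort": r"(\d+) abort",
    "output_errors": r"(\d+) output errors",
    "interface_resets": r"(\d+) interface resets",
    "carrier_transitions": r"(\d+) carrier transitions",
}

def parse_counters(text):
    """Extract line state and error counters from 'show interface' output."""
    counters = {"up": "is up, line protocol is up" in text.splitlines()[0]}
    for name, pattern in COUNTER_PATTERNS.items():
        match = re.search(pattern, text)
        counters[name] = int(match.group(1)) if match else 0
    return counters

def assess(counters, max_transitions=10, max_error_ratio=0.001):
    """Return findings for the circuit; an empty list means it looks clean.
    The two thresholds are assumptions for this example, not from the post."""
    findings = []
    if not counters["up"]:
        findings.append("not_up")
    if counters["carrier_transitions"] > max_transitions:
        findings.append("flapping")          # link is bouncing
    if counters["packets_input"]:
        ratio = counters["input_errors"] / counters["packets_input"]
        if ratio > max_error_ratio:
            findings.append("input_errors")  # CRC/frame/abort: line or clocking trouble
    if counters["output_errors"]:
        findings.append("output_errors")
    return findings

if __name__ == "__main__":
    print(assess(parse_counters(SAMPLE_SHOW_INT)))  # ['flapping', 'input_errors']
```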

Task Manager’s Tiny footprint mode.

Have you ever run into this? Or even seen it? Windows XP Task Manager has a mode called “Tiny footprint” (see the MS Support Page).

The mode is meant to let people who want to display just their CPU meter. This comes in handy when running six or more routers in GNS3; you want to make sure that your CPU is not being pegged.

Normal Task Manager Window

To the left we have our normal Task Manager window. If you double-click anywhere on the border, Task Manager changes to the image on the right: double-clicking the border causes the menu and tabs to disappear. When I first saw this I thought something was wrong with my Windows. I even rebooted my computer, but before panicking further I researched it on Microsoft’s website. You can still navigate the menus by holding <TAB> + <SHIFT> and selecting “<” or “>” with your arrow keys. If you have never seen this before it can be nerve-wracking.

As you can see, it makes it very easy to keep an eye on your processors.

My preliminary Cisco router setup

As a prospective engineer, one of the many basic skills you’ll need to master in your career is setting up a newly purchased router. Surprisingly, I know a lot of engineers who have worked in NOCs (Network Operations Centers) for years, troubleshooting all sorts of Cisco devices and issues, without ever really having to configure anything. This is truly one of the downsides of working in a large company; you tend to get pigeonholed into doing one particular thing all the time.

Two skills you need to know from memory:

• Basic setup of a router or switch

• Basic password recovery for a router or switch

Custom Cisco menu configuration

A while ago I stumbled upon a great piece of code that can make your Cisco router a little less intimidating for your tier one tech support staff. The tier one team is usually the first one that the customer engages when calling in a trouble.

Most of the time tier one is responsible for taking the customer’s information, creating a ticket and performing some basic troubleshooting steps, i.e. verifying links, changing passwords or providing application assistance; anything more in depth is forwarded to the tier 2 or 3 group.

With a simple menu configured on a Cisco router, you can expose basic show commands that any tier 1 or 2 tech can run without fear of causing intrusive downtime on the production network, and the person running the commands does not need to know the proper command syntax.

Config Bytes eLearning Podcasts

It’s been a busy six weeks for me. I got the crazy idea of putting together some short five to ten minute how-to ConfigBytes video casts, and I’m just polishing up the last frames of my video podcast debut. I decided to create these after watching several others that either fall short or are outdated.

There is nothing more frustrating than watching a configuration video that someone placed on YouTube with NO sound, or at least no commentary on what they are doing. What I found is that these are freaking hard to make: trying not to stutter and remembering to look up at the camera every now and then were the hard parts, then there’s video and sound editing along with fact checking (making sure that the config you type is correct).

I hope to have the first video in the can by the end of this month. My goal is to create one a month; based on the amount of feedback I get, I can see myself doing one a week.

How to prevent toll fraud on Cisco Gateways.

Recently I experienced an issue with a customer whose long distance carrier had shut their service down. The reason was that the carrier was seeing an excessively large number of long distance calls made to various African countries as well as Cuba.

The customer is using Call Manager Business Edition, which puts Call Manager and Unity on the same 7800 server.

The way the problem was presented to us suggested that these calls may have been made internally (in my experience, someone on the cleaning crew could be making these calls), which can be easily and quickly identified: all we need to do is look for a pattern in when the calls were made, by time, day and extension.

Most of the time internal fraud calls like these are made from an open fax machine that has a headset attached to it. Sometimes fax lines may be configured to go straight to the gateway on an FXS port, relying on whatever dial peer that port is configured to use. Of course this type of configuration bypasses the CM and its logging and dial restriction abilities. Other times the fax line can be set to go into the CM and be required to follow whatever dial restrictions are set.

dial-peers configured:

dial-peer voice 11 pots
 destination-pattern 9[2-9]......
 forward-digits 7
 port 0/2/0:23

Dial Restrictions

The CM log showed unauthorized long distance calls made from the VM extension. But how was this possible? CM and Unity normally run independently of one another; however, in the Business Edition both run on the same server. Which is fine; once a call enters Unity it is out of CM’s hands, but if a call can somehow be rerouted back to CM, CM can and will forward the call to the outside.

Cisco said that there are rare instances when someone can make a long distance call from VM if they can manipulate an extension into reaching a dial tone. A lot of variables have to be met before this can happen, and the person needs a working knowledge of how CME and Unity work. I’ve even heard of people forwarding lines to an outside line.

This can all be fixed with a few minor adjustments on the dial restrictions.

With the dial restrictions in place, we waited… after 56 days the customer called back to say they were being hit again with toll fraud. This time the CM logs reported NOTHING, nada; there were NO forwarded calls from the VM. They had found another way out… The only item left was the gateway, a Cisco 2821.

The first thing I checked was the dial-peers; I went through each one and found no issues at all… but I did notice that this customer did not have a basic access-list to block various ports. I explained to the customer that the lack of an access-list can and will allow unauthorized connections to the gateway to make long distance calls; I proved this with a program called XLTE, with which I was able to connect to the gateway using SIP and make a call.

This was resolved with the access-list below and applied to the internet connection.

Extended IP access list 101
access-list 101 deny udp any any eq 2427 log
access-list 101 deny tcp any any eq 2428 log
access-list 101 deny tcp any any range 1718 1720 log
access-list 101 deny tcp any any eq 1731 log
access-list 101 deny tcp any any eq 2000 log
access-list 101 deny tcp any any eq 5060 log
access-list 101 deny udp any any eq 5060 log
access-list 101 permit ip any any

Next we apply this to our interface with the following command.

ip access-group 101 in

We have “log” at the end of each entry so we can keep track of what protocols are being hit from the outside. It’s been my experience that you will see a large number of hits on 5060 TCP/UDP, because that port belongs to SIP, a common open-standard VoIP protocol that most vendors support.

UDP 2427 (MGCP)
TCP 2428 (MGCP)
TCP 1718-1720 (H.323)
TCP 1731 (MSICCP)
TCP 2000 (SCCP, Cisco Skinny)
TCP 5060 (SIP)
UDP 5060 (SIP)
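As an added example, not part of the original post, the script below reads the syslog messages that the “log” keyword on access-list 101 produces and totals denied packets per signalling port and per source address, so the hits described above can be reviewed rather than eyeballed; the log lines are constructed samples and the addresses are documentation ranges.

```python
import re
from collections import Counter
# Constructed sample syslog lines in the %SEC-6-IPACCESSLOGP format the 'log' keyword
# produces; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jun  1 10:00:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.5(43210) -> 198.51.100.2(5060), 3 packets
Jun  1 10:00:07: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.5(5060) -> 198.51.100.2(5060), 12 packets
Jun  1 10:01:15: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.77(51000) -> 198.51.100.2(2000), 1 packet
Jun  1 10:02:40: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.9(40000) -> 198.51.100.2(1720), 2 packets
Jun  1 10:03:02: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.5(5060) -> 198.51.100.2(5060), 4 packets
Jun  1 10:03:30: %SYS-5-CONFIG_I: Configured from console by console
"""

# Protocol/port pairs from access-list 101 above and the service each one blocks.
SERVICES = {
    ("udp", 2427): "MGCP", ("tcp", 2428): "MGCP",
    ("tcp", 1718): "H323", ("tcp", 1719): "H323", ("tcp", 1720): "H323",
    ("tcp", 1731): "MSICCP", ("tcp", 2000): "SCCP",
    ("tcp", 5060): "SIP", ("udp", 5060): "SIP",
}

LOG_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>tcp|udp) (?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\)"
    r" -> (?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse_line(line):
    """Return the fields of one ACL deny message, or None for unrelated log lines."""
    match = LOG_RE.search(line)
    if not match:
        return None
    fields = match.groupdict()
    fields["dport"], fields["pkts"] = int(fields["dport"]), int(fields["pkts"])
    fields["service"] = SERVICES.get((fields["proto"], fields["dport"]), "other")
    return fields

def summarize(log_text):
    """Count denied packets per (proto, port, service) and per source address."""
    by_service, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:   # skip lines that are not ACL deny messages
            by_service[(hit["proto"], hit["dport"], hit["service"])] += hit["pkts"]
            by_source[hit["src"]] += hit["pkts"]
    return by_service, by_source

if __name__ == "__main__":
    services, sources = summarize(SAMPLE_LOG)
    print(services.most_common())          # udp/5060 SIP leads with 16 packets
    print(sources.most_common(1))          # [('203.0.113.5', 19)]
```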

It’s been several months now and there have NOT been any toll fraud issues reported. A simple access-list like the one above helped alleviate this common mistake.

rstaples@configbytes.com www.configbytes.com

Goodbye to Microsoft Windows 2000

July 13, 2010 marks the end of Microsoft’s extended support for Windows 2000.

I’m sad to see it go; it’s my opinion that Windows 2000 was probably one of the most stable OSes Microsoft has put out. I rarely had any issues running it, and I know that a lot of businesses are still using the OS; it does a great job of getting basic internet tasks done.

We have seen several service packs released over the years for Windows 2000. Service Pack 1 gave us IPv6 support, which was easily enabled with the net start tcpipv6 command. Service Pack 2 gave us DX 9c and 128-bit encryption, SP3 gave more security updates, and SP4 allows Win2k users who have not applied any packs to fully update.

Granted, not all was warm and fuzzy in Win2k land; there were security issues in the beginning, most notably the leaked memo reported by Mary Jo Foley, which revealed that Win2K had over sixty thousand known defects. Win2K also received its fair share of famous virus attacks such as Code Red and Nimda.

GNS3 07 ?

Qemu

So far I am not pleased with the new GNS3 07; I’m having some serious issues trying to configure the settings.

Searching the internet has not yielded much information on how to set this up. This week I’ll be “plunking” around with the new GNS3, trying to make it work. I hope to have it all figured out soon so I can upload the PIX labs I’ve been working on.

The Last Subnet How2 Doc

Note that this was originally posted in May 2009

I wrote this document to help with my CCNA studies; the intent was to help me quickly convert class A and B subnets for the test. The CCNA presents subnet questions in CIDR format, and you should know how to answer them in less than 90 seconds.

I converted the document from Microsoft Word 2007 to PDF using doPDF 6.3, a free PDF converter. So far it appears to have done a nice job. You can find it here > Do PDF

The document is here > The Last Subnet How2 Doc

Please leave feedback

(Last edited by rstaples on 2012-08-08 -corrected download links)