Using SNMP to retrieve, update and write to a Cisco router

Hello there,

We all have used SNMP to retrieve information from Cisco routers.

However, I have never tried to do so directly by accessing the MIBs.

Applications that do so, like SolarWinds, use them to get such information.

I started to write an application using shell scripting so I could perform some operations like retrieving the running configuration; however, I found a script that someone had written. It only did a few things, so I expanded it to do a little more.

BGP Flowspec Using ExaBGP

Hello Internet,

I was reading about flowspec the other day. It has been around for a while now; however, it was in the news just recently due to the Internet outage caused by L3.

Apparently, a rule sent by a flowspec controller was misconfigured and took down several BGP peers, which in turn took other BGP peers to L3, and you already know what happened.

Thus I decided to show a lab that implements flowspec for both IPv4 and IPv6.

Here we go.

NAT64 Lab Using Cisco’s ASR and DNS64 (Maybe).

Hello again,

The other day I came across a configuration by Cisco in regard to NAT64.

As you are aware, NAT64 permits IPv6-only networks to access IPv4 networks and vice versa.

Of course, they are not entirely IPv6-only networks, since they probably have an IPv4 gateway somewhere allowing them to access IPv4 networks on the Internet.

I decided to do the lab and test it using EVE-NG.

Hostapd Revisited. Using Bridging for IPv4 and IPv6.

Hello,

In a previous post, I showed a configuration using Hostapd, Ubuntu and a Belkin USB dongle allowing me to have Wi-Fi access.

This worked reasonably well, but the speed of the dongle was only 54 Mbps. So I decided to buy a Panda PAU06 Wireless N USB adapter.

The reason was that Panda claimed it was Linux compatible and that it would operate at 150 Mbps. I know 150 Mbps is so slow nowadays, but I do not need that much speed on the WLAN; all my devices are wired with Gigabit speed.

I also do not have several people competing for bandwidth.

If I need to stream something, I use the media center connected to a big-screen TV.

This setup actually worked fairly well, using Fedora 29 on VMware Workstation.

The setup used routing, and that created some issues with the “/64” prefixes I am given by my provider, which you can read about in that post.

Well, I accidentally deleted the VM guest the other day. Yes, I had no backup, but I am always careful; this time it bit me in the behind.

Thus this time I decided to redo the setup but instead use bridging to connect the LAN and WLAN interfaces. This is working rather well, so read on.

IPv6, DHCPv6 and DDNS

Hello,

As you already know, IPv6 uses stateless configuration right off the bat.

If you have a small network, this is not a problem, and by small I mean maybe 10 or so devices.

You can manually update your devices using DNS and you will be fine.

But in the enterprise, where you can have hundreds if not thousands of devices, you have a nightmare.

You will not remember IPv6 addresses as you did with IPv4; you need DDNS so devices can register themselves with DNS.

For this you would need the following:

    • A DNS server that allows IPv6 dynamic registrations.
    • A DHCP server that supports such registrations.
    • A DHCP server that can issue IPv6 addresses and other options.
    • A RADVD or router that is capable of advertising a default route.

I want to show you how to configure this using GNS3 and VirtualBox. This lab hopefully will be instructional.

ASA AnyConnect Split Tunneling Or Why Are You Doing NAT from the Outside?

It has been a while since I have entered anything on my blog. But a few days ago I came across a very interesting situation that is not common but is counter-intuitive. It has to do with the way the Cisco ASA treats NAT in a very particular situation.

An ASA was configured to have split tunneling disabled for clients using the Cisco AnyConnect client. The ASA we are using has several IPsec tunnels to remote sites. As soon as the clients connected, they did not have access to either the Internet or the remote sites. They could access the internal LAN, though.

The reason, of course, as you may have guessed, has to do with how to configure NAT.

So here we go.
