Adding some substance to my example network

So thanks to fakenamegenerator.com I thought I should add some people and set up various workstations around my fake network. With that said, here is my list:

Name               User ID      Country  PC
Hazel B. Forrest   hforrest     USA      MS-DOS
James M. White     jwhite       USA      Windows 3.1
Russell I. Ward    rward        USA
Valerie H. Shimp   vshimp       USA
Vera H. Williams   vwilliams    USA
Marie J. Brown     mbrown       UK       Windows 95
Jason S. Seymore   jseymore     UK
Mingmei Hao        mhao         HK       OS/2 1.21
Guang Huang        ghuang       HK
Wit Pawlak         wpawlak      PL       WindowsNT 4.0
Fabio Napolitani   fnapolitani  IT

Which is enough to get me started in creating some users.

For starters I thought it would be fun to make up some applications the users can ‘use’ on this fine network.  A mainframe is a must, however Hercules doesn’t emulate SNA networks.  Which is kind of sad.  I did find an evaluation copy of Microsoft SNA Server 2.11 which runs great on NT 3.5 and higher.  However it is limited to two sessions, but to be honest back when I used a mainframe for work, Microsoft SNA server was honestly the best thing out there.  I had a NT 4.0 / SNA 2.11 install that had uptime in YEARS, while the later SNA 3.0, 4.0 and HIS stuff constantly had issues.

For email, I thought I’d go with something positively ancient, Microsoft Mail 2.1c.

Microsoft Mail

Back then, email programs were just flat databases that allowed multiple people to read/write/lock files over a network. It is very reminiscent of how BBS multiuser doors & databases work. MS Mail 2.1 includes clients for MS-DOS and Windows 3.X, while the later 3.5 version included an OS/2 client that used the WLO libraries, which was a port of Windows 3.0 to run on top of OS/2.  I kind of covered this thing back here, although it was mostly geared to version 3.5, it basically is the same thing.

I’ve been using a Windows NT 4.0 server loaded up with the FPNW, so it looks like a NetWare server.  Although Netware 3.12 runs on Qemu 0.90, it is lacking UDP bridge support to communicate with dynagen/dynamips.  I did find out that VirtualBOX does support the UDP bridge, and will even run Netware 3.12, HOWEVER, after transferring a few megabytes, the server will stop responding, and dynamips will crash.  Not a very satisfactory solution.  So until I get around to backporting the UDP code, this NT server will serve as my virtual ‘Netware’ server for the time being.

I was also going to run SQL Server 4.21a on WindowsNT, however I did come across SQL Server for OS/2, so I will be installing an OS/2 machine complete with Lan Manager, and SQL Server.  The only downside is that LanManager relies on the non-routable NetBEUI protocol.  However it is just as awkward as bridging mainframe traffic, so I guess that is a hidden plus. While a program to talk to the database outside of the old isql stuff would be nice, I suspect that doing anything beyond Visual Basic + ODBC would take too much time, and honestly not really be all that worth it.

Also looking at this fine program, Stomper, which lets you share a modem over a network, I thought it would be fun to try in combination with rlfossil for some BBSing adventures.  Back before the internet was open to commercial ISPs it wasn’t uncommon for corporations to pool modems over a LAN.  Remote access was typically handled with specialized hardware appliances like the Shiva LanRover. As far as I know, the only real dialup server that Microsoft had was incorporated with Windows NT 3.5.

Once I get this network operating correctly, then I’ll start to add things like redundancy via HSRP in my core site, backup network connections, an internet connection, an upgrade to an Exchange server, some BGP peering, and a VPN server.

Just like the real world!

Configuring TCP/IP

Cisco routers are born to do TCP/IP.  And looking at the networking world today, it is pretty safe to say that you will be on a TCP/IP network.  Luckily configuring TCP/IP on the router is pretty easy.  IP addresses are assigned per interface, as a typical router will have many ip addresses.

As always it does help to have a ‘plan’ for what ip addresses will go where in your network.

I’m using the network that I described earlier, here.

From my corertr1 router I’m going to setup 3 networks, a server network, a user network, and finally a network to connect to my WAN router.  The IP networks that I’m going to use are the following:

WAN 138.1.0.0/24
SERVER 138.1.1.0/24
USER 138.1.10.0/24

The first thing I want to do is examine the existing configuration of the FastEthernet 0/0 port which will be my ‘wan’ network port.

corertr1#sho run int fa0/0
Building configuration…

Current configuration : 83 bytes
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
end

As you can see it is shut down, and has no ip address assigned.  We can also check the ethernet’s status with a show interface fa0/0

corertr1#sho interfaces fastEthernet 0/0
FastEthernet0/0 is administratively down, line protocol is down
Hardware is i82543 (Livengood), address is ca00.383b.0008 (bia ca00.383b.0008)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:02:30, output 00:01:40, output hang never
Last clearing of “show interface” counters 00:00:01
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

The important part here is this line:

FastEthernet0/0 is administratively down, line protocol is down

First, the interface is ‘administratively down’, meaning that it is configured this way. In cisco speak this interface is ‘down, down’. This is different from an ‘up/down’ interface, which is configured to be ‘up’ or operational but is not working.  That will appear like this:

FastEthernet0/0 is administratively up, line protocol is down

Which indicates that there is a hardware problem.

The first thing we are going to do is turn the interface ‘on’.

corertr1#config t
Enter configuration commands, one per line. End with CNTL/Z.
corertr1(config)#interface fastEthernet 0/0
corertr1(config-if)#no shut
corertr1(config-if)#exit
corertr1(config)#exit
corertr1#
16:41:01: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
16:41:01: %SYS-5-CONFIG_I: Configured from console by console
16:41:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
corertr1#

Notice that when we type in “interface fastEthernet 0/0” the prompt changes to (config-if), meaning that we are now configuring an interface.  Type in the question mark, and you can see all the possible options you have on this interface.  The physical interface is where you select things like speed, duplex, and line encapsulation.  If the interface doesn’t have any ‘virtual’ members like 802.1Q or frame relay, to name a few examples, you can put an ip address on the interface.  Also take note that when I typed in the first ‘exit’ the prompt changed back to (config), meaning we are no longer configuring the fastEthernet 0/0 interface.  The next exit then takes us out of the config mode altogether.

The next thing that happens is that the router turns the interface on, and then generates a syslog event which is followed by a console message letting us know that the fastEthernet interface is now operational, as its state is now up.

Now I’m going to go back into the configuration mode, and set up the IP address.

corertr1#config t
Enter configuration commands, one per line. End with CNTL/Z.
corertr1(config)#interface fastEthernet 0/0
corertr1(config-if)# description WAN network
corertr1(config-if)# ip address 138.1.0.5 255.255.255.0
corertr1(config-if)#exit
corertr1(config)#exit
corertr1#

Notice that I also set a description on the interface.  This makes it easier to remember what goes where.  Always if possible put in descriptions! Now if we check the interface configuration we will now see:

corertr1#sho run interface fastEthernet 0/0
Building configuration…

Current configuration : 119 bytes
!
interface FastEthernet0/0
description WAN network
ip address 138.1.0.5 255.255.255.0
duplex auto
speed auto
end

Which looks fine.

Another GREAT feature of the cisco routers is the CDP protocol, or cisco discovery protocol.  CDP will broadcast on every interface a special packet that other cisco devices will pick up on, to let you know who/what you are plugged into.  To take a look simply run the command show cdp neigh

corertr1#sho cdp neigh
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
corewan1 Fas 0/0 134 R 7206VXR Fas 0/0

This tells us that our Fast ethernet 0/0 is connected to a 7206VXR called corewan1 on its Fast ethernet 0/0.  You can get even more information with the command ‘show cdp neighbors detail’

corertr1#show cdp neighbors detail
-------------------------
Device ID: corewan1
Entry address(es):
Platform: cisco 7206VXR, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 129 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ 7200 Software (C7200-JS-M), Version 12.2(31), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 11-Aug-05 15:57 by tinhuang

advertisement version: 2
Duplex: full

As you can see this even tells us what version of software our neighbour is running. Sometimes you don’t want to tell people (like 3rd parties) what you are running so you can turn off CDP on the router, or just the interface that is connected to the 3rd party.

So with our first interface configured, I’m going to go and set up the rest of my interfaces, then I’m going to show an overview with the ‘sho ip interface brief’ command like this:

corertr1#sho ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 138.1.0.5 YES manual up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Ethernet1/0 138.1.1.1 YES NVRAM up up
Ethernet1/1 138.1.10.1 YES NVRAM up up
Ethernet1/2 unassigned YES NVRAM administratively down down
Ethernet1/3 unassigned YES NVRAM administratively down down
Ethernet1/4 unassigned YES NVRAM administratively down down
Ethernet1/5 unassigned YES NVRAM administratively down down
Ethernet1/6 unassigned YES NVRAM administratively down down
Ethernet1/7 unassigned YES NVRAM administratively down down

As you see this shows the interfaces that are capable of having an ip address, and which ones do have an ip address.  Now let’s configure the ‘WAN’ router with an IP address so we can do a ping. From dynagen bring up the corewan1 console:

=> console corewan1

You will probably want to set up the router much like how we did in the prior page.

corewan1#config t
Enter configuration commands, one per line. End with CNTL/Z.
corewan1(config)#int fa0/0
corewan1(config-if)#desc WAN network
corewan1(config-if)#ip address 138.1.0.6 255.255.255.0
corewan1(config-if)#exit
corewan1(config)#exit

Notice that I gave it .6 not .5 as that would be a duplicate ip address!  CDP updates every 60 seconds by default, so after a minute this is what we now see from corertr1:

corertr1#show cdp neighbors detail
-------------------------
Device ID: corewan1
Entry address(es):
IP address: 138.1.0.6
Platform: cisco 7206VXR, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 124 sec

Version :
Cisco Internetwork Operating System Software
IOS ™ 7200 Software (C7200-JS-M), Version 12.2(31), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Thu 11-Aug-05 15:57 by tinhuang

advertisement version: 2
Duplex: full

Notice we now see the peer ip address!  Now we can ping.

corertr1#ping 138.1.0.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 138.1.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms

Although it may not be important now, ping has an incredible feature set on cisco routers.  Simply type in ping this time, and be amazed.  Google will lead you to what all these options mean for now, but just be aware this is one of the reasons people buy cisco routers.

corertr1#ping
Protocol [ip]:
Target IP address: 138.1.0.6
Repeat count [5]:
Datagram size [100]: 1000
Timeout in seconds [2]: 3
Extended commands [n]: y
Source address or interface: 138.1.0.5
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]: y
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]: y
Sweep min size [36]: 500
Sweep max size [18024]: 600
Sweep interval [1]:
Type escape sequence to abort.
Sending 505, [500..600]-byte ICMP Echos to 138.1.0.6, timeout is 3 seconds:
Packet sent with a source address of 138.1.0.5
Packet sent with the DF bit set
Reply data will be validated
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!
Success rate is 100 percent (505/505), round-trip min/avg/max = 16/21/44 ms
corertr1#

Now that we can ping, we can even telnet to the wan router from the core router.

corertr1#138.1.0.6
Trying 138.1.0.6 … Open

   |\      _,,,---,,_
   /,`.-'`'    -.  ;-;;,_
  |,4-  ) )-,_..;\ (  `'-'
 '---''(_/--'  `-'\_)  Welcome to the corewan1

Authorized users ONLY!!!!

User Access Verification

Password:

We can even check to see who is ‘on’ the router with the who command.

corewan1>who
Line User Host(s) Idle Location
0 con 0 idle 00:00:17
* 2 vty 0 idle 00:00:00 138.1.0.5

Interface User Mode Idle Peer Address

corewan1>q

Wasn’t that simple?

Physical network topologies

This is part of my ongoing thing about cisco networking.

I guess I can go on about various serial port standards from the good old fashioned RS-232, and V.35.  Not to mention things like T1/E1/J1’s with HDLC, Frame relay, Ethernet, TokenRing, ATM….

And of course various virtual technologies like VPN’s, and tunnelling.

So for now, my placeholder will just contain one little gem of wisdom about V35 cables.

A bunch of V35 cables

When you are connecting V35’s remember to slowly screw them in, and try to screw both screws in at the same time, or a little bit on each side.  If you try to screw one side in all at once, you could break the screw, or worse it’ll help you strip the other screw trying to go in as it’ll be all lopsided.

Frame Relay

Frame relay is a great ‘slow’ networking cloud solution from back in the day.  For people who were going to deploy global WAN solutions that were going to be sub T1/E1 speeds, frame relay was the way to go.  You would simply get a T1 port installed in each of the sites, then the provider will then create PVC’s from each of the sites.  What is great is you can (theoretically) quickly provision new sites, and change service classes as needed.  Sadly for frame relay it is hampered by the port speed being only a T1/E1, limiting it to 1.5MB/2MB.  But heck it is from the mid 1980’s, so what do you expect?

Configuration

On the Dynamips / Dynagen simulation configuring frame relay is pretty simple.  The Frame Relay switch is already configured in my example here:

[[FRSW F1]]
1:102 = 2:201
1:103 = 3:301

Which just specifies that on my WAN router pvc 102 goes to pvc 201 in New York, and pvc 103 goes to pvc 301 in Hong Kong. For simplicity’s sake, all the physical serial ports are S1/0. With this in mind, let us first configure the physical interfaces in all the routers.

So the first step is to set the encapsulation on the serial interface to frame-relay.  Then turn the interface on.

nycrtr1#config t

Enter configuration commands, one per line. End with CNTL/Z.
nycrtr1(config)#int s1/0
nycrtr1(config-if)#encapsulation frame-relay
nycrtr1(config-if)#no shut
nycrtr1(config-if)#^Z
nycrtr1#

Now we wait for the interface to transition.

nycrtr1#
00:18:43: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
00:18:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
nycrtr1#

Now we can check to see if the router sees the PVC going to the core wan router.

nycrtr1#sho frame-relay pvc

PVC Statistics for interface Serial1/0 (Frame Relay DTE)

Active Inactive Deleted Static
Local 0 0 0 0
Switched 0 0 0 0
Unused 1 0 0 0

DLCI = 201, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial1/0

input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
switched pkts 0
Detailed packet drop counters:
no out intf 0 out intf down 0 no out PVC 0
in PVC down 0 out PVC down 0 pkt too big 0
shaping Q full 0 pkt above DE 0 policing drop 0
pvc create time 00:02:12, last time pvc status changed 00:02:02

Looks good!

Now let’s configure the DLCI on the frame relay sub interface.

nycrtr1#config t
Enter configuration commands, one per line. End with CNTL/Z.

nycrtr1(config)#int s1/0.201 point-to-point
nycrtr1(config-subif)#frame-relay interface-dlci 201
nycrtr1(config-subif)#ip address 135.0.0.6 255.255.255.252
nycrtr1(config-subif)#^Z

nycrtr1#

Now for the ultimate test once the other side is configured.

corewan1#sho run int s1/0.102
Building configuration…

Current configuration : 140 bytes
!
interface Serial1/0.102 point-to-point
description NewYork
ip address 135.0.0.5 255.255.255.252
frame-relay interface-dlci 102
end

corewan1#ping 135.0.0.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 135.0.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms
corewan1#

And there we go, our Frame relay is up!

ThinkPad 860 Saga – Part 1

(note this is a guest post from Tenox)

Not long ago I managed to purchase a working ThinkPad 850. This was no small achievement because in the last 15 years I only scored 2 dead ones, for parts. As luck strikes twice, merely a week after the 850 I acquired the ultra uber and ultimate laptop of all – RS/6000 Notebook 860. Err what?

Technically the 860 is a ThinkPad. However it was marketed for the business / RISC users, as a laptopized  RS/6000 to run AIX, instead of an oddball ThinkPad with a weirdo CPU that couldn’t even run Microsoft Office, which was the 850. In fact both the sales manual and product brochure do not even mention Windows NT or OS/2 at all. Smart move, but too little too late.

What are the differences? Most importantly, compared to its younger brothers the laptop has a whopping 12″ display and massive resolution of 1024×768. This is actually not bad even by today’s standards, compared to my MacBook Air 11″. Having the 860 and 850 side by side, the difference is massive.

Secondly the CPU is much faster, running at 166 MHz vs 100 MHz for the TP850. While 66 MHz by today’s standards is nothing, the actual difference is more than 50%.

That’s the good side. But there is the bad and ugly.

The laptop arrived with a rather nasty looking memory error:

I’ve tracked down the error in a support document, it translates to “Memory Error. Run memory tests”. So I did and memory passed just fine. What is going on?

So I decided to ignore it and try to install an OS. As it happened I did have a handy Windows NT 4.0 CD and ARC floppy disk. I went and installed ARC, but Windows NT wouldn’t boot and it was freezing during driver load. Nothing would help.

I have spent days trying to fix the problem. Tried replacing memory cards, running diagnostics, everything else. Because lower 32MB RAM is soldered on the motherboard I was just about to order a replacement one.

Then by a coincidence I’ve found this FAQ question … “ThinkPad 860 prompts for HAL diskette”, wait what? The answer has it – “860 support was planned for NT 4.0 PowerPC edition which never shipped. There is an unsupported HAL disk image here…”

Once HAL disk was loaded to Windows installer the system booted correctly. Note that the HAL disk also contains a video driver for the GT20 graphics card which is S3 M65 (86CM65):

It also turns out that once the hard disk was formatted and Windows NT was installed the memory error went away! Completely. I haven’t seen it since. I’m thinking it wasn’t a memory error but rather corrupted boot record or partition table.

Anyway here it is Windows NT 4.0 PowerPC:

I’m not going to go through Windows setup or ARC screens as they are covered elsewhere.

So the next step was to get the beast on to the net. Not an easy task to find a suitable NIC nowadays! Fortunately Windows NT CD has a HCL.HLP – Hardware Compatibility List. Browsing the help file I was able to filter out a handful of PCMCIA network cards with PowerPC support:

  • 3Com 3C589 Etherlink III PCMCIA Ethernet Adapter
  • 3Com 3C589C Etherlink III PCMCIA Ethernet Adapter
  • IBM PCMCIA Ethernet Adapter II
  • National Semiconductor InfoMover NE4100 PCMCIA Ethernet Adapter
  • NoteWorthy Ethernet PCMCIA Adapter II
  • Socket Communications Socket EA PCMCIA

The last two are actually NE2000 compatible and use a common NE2K driver. Remembering some issues with the card I decided to go for a 3C589C from ebay instead. Later on I found that the only supported PCMCIA LAN cards under AIX 4.1 are, surprise – IBM PCMCIA Ethernet Adapters. So I’ve got one of them on ebay as well.

The 3Com card worked flawlessly out of the box. Showed up in the PCMCIA control panel, driver installed automatically and I’ve got in on DHCP.

From there it was rather easy. First thing one needs is latest service pack and hotfixes. Unzip and wsftp32 also come handy. And then there is the text editor!

Finding a working web browser was a challenge again. The default IE1 wouldn’t even support HTTP/1.1. Mosaic is not much better. Fortunately Internet Explorer 3.01 saved the day!

Apart from that there is almost zero software available for download for Windows NT PowerPC. The only larger utility collection is Windows NT 4.0 Resource Kit which surprisingly has full support for PPC. There are also Dependency Walker, Psychedelic Screensaver, Winimage, PkZip, etc. If you have more software please send! I’m also porting some more.

On the hardware side, interestingly, Cygnus Supply has a very large stock of replacement parts for these laptops. If you have a broken one you can try your luck there. You could probably assemble a full laptop from the parts. Don’t be put off by “request a quote”. I used them many times before and they usually come up with reasonable prices for the parts. Make sure to have an exact IBM P/N. Also you can buy a “brand new” replacement battery. For failing hard drives a 2.5″ SCSI disk may be a problem. You can buy a CF card adapter here.

Last but not least I’ve collected some links to sites with TP 8×0 stuff:

In the next part I will cover MSVC, SDK, DDK and some porting efforts I’ve been doing…

Updates:

  • Ronald Gaudet sent me some useful software like Putty, Vim, Emacs!
  • Working to compile some more like Lynx, VNC, maybe even early Mozilla
  • The hard disk started giving up. I have ordered CF Powermonster II 2.5″ SCSI to CF converter!
  • Few high res screenshots made with IP KVM:

Splash screen…

Easy Setup…

Secret Firmware Prompt…

Getting started with a cisco router

To get started with a cisco router, you’ll first need a console cable.  The newer equipment uses USB, but needs a special driver for use under Microsoft Windows.  The older stuff uses the venerable RS232 protocol, however depending on the age of the equipment it could be a DB25 or a DB9, or perhaps even an RJ45 port which you’ll need to plug into for the first time to configure the router.  They all start up at 9600 baud, no parity, eight databits, one stop bit (N81).  With newer computers getting a working RS232 port can be a challenge, so don’t throw away any computer that has a working RS232 port.  It may save your life one day.

Since I am using dynagen/dynamips for my example I open up my configuration with dynagen, then start all my routers like this

=> start /all
100-VM ‘nycrtr1’ started
100-VM ‘corewan1’ started
100-VM ‘corertr1’ started
100-VM ‘hkgrtr1’ started
=>

Then I can console to my selected router by typing in console (router)

=> console corertr1
=>

From there it will act like a real console port, just as if I had plugged in a serial console cable. With the console connected, and the router powered up you’ll eventually find the following question being asked:

% Please answer ‘yes’ or ‘no’.
Would you like to enter the initial configuration dialog? [yes/no]:

This is the first thing you’ll be greeted with on the console port of a virgin cisco router.  Honestly I don’t like the initial configuration, and prefer to do this all by myself.

From there the router will prompt you with the cheery:

Press RETURN to get started!

And once you press enter, a status of all the interfaces will be displayed, and you’ll be dumped at the router prompt.

Router>

From here we are in an unprivileged mode, only able to enter in some basic commands, but unable to change the configuration, or do anything really meaningful. You can view what commands are available by typing in a question mark (hit enter!), and the list will scroll by. To change to the enabled (supervisor) mode, we simply type in enable.

Router>enable
Router#

Notice how the prompt changed from > to #.  Now try the ‘?’ command again, and notice that we can do far more commands.

Some useful commands include

  • show version
  • show running-config
  • show log
  • who
  • dir

Take note that the ‘show’ command has many, many possible options to give it.  This will be the command you will use the most to figure out what is going on, inside of your network.

The ‘show running-config’ command will show us the current configuration that the router has.  Take note that it will ask you to hit ‘more’ as you go through the configuration as this has more than 24 lines to display.  This is because your ‘console’ is configured by default for 24 lines (show line 0).  Like everything else it too can be changed, but for now we’ll leave the paging function in.

This is what a ‘blank’ or empty configuration looks like:

Router#sho run
Building configuration…

Current configuration : 974 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
ip cef
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Ethernet1/0
no ip address
shutdown
duplex half
!
interface Ethernet1/1
no ip address
shutdown
duplex half
!
interface Ethernet1/2
no ip address
shutdown
duplex half
!
interface Ethernet1/3
no ip address
shutdown
duplex half
!
interface Ethernet1/4
no ip address
shutdown
duplex half
!
interface Ethernet1/5
no ip address
shutdown
duplex half
!
interface Ethernet1/6
no ip address
shutdown
duplex half
!
interface Ethernet1/7
no ip address
shutdown
duplex half
!
ip classless
no ip http server
!
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
!
end

You may be thinking that for a ‘blank’ router there is a lot of things in here.  The important thing to notice right now is all the interfaces, and that they are currently in shutdown mode.  By default a router will have all of its interfaces turned OFF.  This is to prevent things from automatically “working” or screwing things up in spectacular ways. Also notice with ethernet interfaces they are typically configured at half duplex.  You very well may want to change this on a real router, emulated ones don’t matter, but if you connect a cisco router to a cisco switch, and the duplex is mismatched they will both let you know.  Quite a bit.  So do pay attention to things like that.  In between each bang (!) is a section of the configuration that can be altered by the user as you see fit.  But right now it just allows a console to plug in, and have full access.

So what are some basic things I like to setup on my routers?  Well to start a name is nice.  We enter the configuration mode from within the enable mode by typing in ‘configure terminal’.  From there we change the hostname by simply typing in hostname along with the name that we want to give the router.  Notice that the name of the router now appears on the prompt.

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname corewan1
corewan1(config)#

We can now exit the configure mode by hitting CONTROL+Z.

corewan1(config)#^Z
corewan1#
02:26:53: %SYS-5-CONFIG_I: Configured from console by console

Notice that the router will trigger a syslog event, and display it on the console.  All of this is configurable but right now this is the factory default behaviour.

It is important to take note that cisco routers have two configurations, the running configuration, and the startup configuration. When you make changes to a live system, you alter the running configuration, not the startup configuration.  It is done this way so that in the event that you lock yourself out of the router (removing ip routing, changing the WAN ip address, typoing the passwords.. mistakes happen) a simple power cycle will restore the router to the prior configuration.  It is imperative to test what you can when you make major changes from a second telnet console before saving the configuration.  It can take valuable time to track people down in remote countries, and walking them through a power cycle of the routers can be daunting as they usually don’t ever touch the routers.

To make this change now ‘permanent’ by committing it to the NVRAM, we can issue the command ‘copy running-config startup-config’

corewan1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
corewan1#

Take note that we *MUST* be out of the configuration mode to issue this command.

The ultimate test is to reboot the router, and verify that it does come up with the new configuration.  To reboot a router the command is simply reload. However with dynamips reloading the router will cause it to crash.

corertr1#reload
Proceed with reload? [confirm]y
00:20:13: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

ROM: reload requested…

%ALIGN-1-FATAL: Corrupted program counter
pc=0x0, ra=0xBFC011A4, sp=0x62B819D8

%ALIGN-1-FATAL: Corrupted program counter
pc=0x0, ra=0xBFC011A4, sp=0x62B819D8

But switching to dynagen we can quickly restart the router process.

=> stop corertr1
100-VM ‘corertr1’ stopped
=> start corertr1
100-VM ‘corertr1’ started
=> console corertr1
=>

And now we are booted into the router.

00:00:05: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
00:00:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
corertr1>

I should also point out that from dynagen I also save the router configuration, which will attach it to the network config file.

=> save corertr1
saved configuration from: corertr1
=>

It should be as easy as that.

Now let’s get to some nice things to add.

I always like banners to at least let you know where you are.  Some people like to have legal disclaimers warning against unauthorized access, or even ascii art.

corertr1#config t
Enter configuration commands, one per line. End with CNTL/Z.
corertr1(config)#banner motd Z
Enter TEXT message. End with the character 'Z'.
    |\      _,,,---,,_
    /,`.-'`'    -.  ;-;;,_
   |,4-  ) )-,_..;\ (  `'-'
  '---''(_/--'  `-'\_) Welcome to the corertr1

Authorized users ONLY!!!!

Z
corertr1(config)#^Z
corertr1#
00:07:23: %SYS-5-CONFIG_I: Configured from console by console

Notice the ‘Z’ which is how I let it know that I’m done with my banner.

Passwords are also a good thing, for now I’m not going to put one on the console, but instead on the ‘vty’ ports which we will configure later for telnet access into the router.  Why not the console?  Well right now I’m operating under the idea that if you have physical access to the router, you are into the network anyways.  Obviously this may not meet your needs, but it is fine for my simple introduction.

I’m going to use a simple password of ‘cisco’.

corertr1#config t
Enter configuration commands, one per line. End with CNTL/Z.
corertr1(config)#line vty 0 4
corertr1(config-line)#password 0 cisco
corertr1(config-line)#exit
corertr1(config)#enable password 0 cisco
corertr1(config)#^Z
corertr1#

First the vty part has the parameter 0 4 which gives the router the ability to handle five connected telnet sessions.  Maybe you want more, maybe you want less.  The next part is that after the password keyword, I’m using the number 0 which means the password is unencrypted.  It has been my experience that you ALWAYS ALWAYS ALWAYS configure the passwords using a 0, as some versions change things, and your encrypted strings may not work how you expected them to.

Another fun feature in IOS 12 is the pipe (|) which you can use to filter output from the show command.  Right now our passwords are in clear text, so we are going to encrypt them.  First to verify that they are clear:

corertr1#sho run | include password
no service password-encryption
enable password cisco
password cisco

Now we enable encryption, and re-run the command:

corertr1#config t
Enter configuration commands, one per line. End with CNTL/Z.
corertr1(config)#service password-encryption
corertr1(config)#^Z
corertr1#sho run | include password
00:11:36: %SYS-5-CONFIG_I: Configured from console by console
service password-encryption
enable password 7 060506324F41
password 7 121A0C041104
corertr1#

Now our passwords are not so obvious!  But be aware that there are ways to crack these simple passwords.

My password was cracked!

You can check the site for more information on a more ‘secure’ approach to passwords, but for now it doesn’t matter.
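A defender's check for the two 'sho run | include password' outputs above, as an added example that is not part of the original post: a small Python audit that reads a configuration and reports clear-text passwords, type 7 strings (obfuscated rather than hashed, which is why the one above could be cracked) and an 'enable password' that has no 'enable secret' beside it. BEFORE and AFTER are constructed from the lines shown on this page, and the function names are assumptions.

```python
import re

# Constructed 'show running-config' excerpts for the two states shown above;
# the type 7 strings are the ones printed on the page.
BEFORE = """\
no service password-encryption
enable password cisco
line vty 0 4
 password cisco
"""
AFTER = """\
service password-encryption
enable password 7 060506324F41
line vty 0 4
 password 7 121A0C041104
"""

PW_RE = re.compile(r"^(enable )?password(?: (\d+))? \S+$")

ADVICE = {
    "cleartext": "password stored in clear text",
    "type7": "type 7 is reversible obfuscation, not a hash",
    "no-enable-secret": "'enable password' set without 'enable secret'",
    "no-encryption-service": "'service password-encryption' is off",
}


def audit(config_text):
    """Return (context, code) findings; each code is a key of ADVICE."""
    findings, context = [], "global"
    enable_password = enable_secret = encryption_on = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Unindented lines are global commands or open a sub-mode.
            context = line if line.startswith("line ") else "global"
        encryption_on |= line == "service password-encryption"
        enable_secret |= line.startswith("enable secret ")
        match = PW_RE.match(line)
        if match:
            is_enable, pw_type = match.groups()
            enable_password |= bool(is_enable)
            if pw_type in (None, "0", "7"):
                code = "type7" if pw_type == "7" else "cleartext"
                findings.append((context, code))
    if enable_password and not enable_secret:
        findings.append(("global", "no-enable-secret"))
    if not encryption_on:
        findings.append(("global", "no-encryption-service"))
    return findings


def report(config_text):
    return [f"[{ctx}] {ADVICE[code]}" for ctx, code in audit(config_text)]
```

The AFTER configuration still produces three findings, because 'service password-encryption' only changes how the strings are displayed; 'enable secret' is the IOS command that stores a hashed (type 5) enable password instead.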

With all of this done, we should save our configuration, and proceed to the next step.

Another popular thing to do is turn off DNS queries.  If you make a typo at the command line, the router will assume that you are trying to telnet to a host.  By default with no DNS servers specified, it will then do a broadcast twice trying to find a DNS server.  This can delay you for 30 seconds to a minute which when you are in a network downtime scenario is very annoying.  To disable this ‘feature’ simply add this to your configuration

no ip domain-lookup

And you’ll never have to worry about this!

cisco router guide

So from the last article I thought I’d go over some basic stuff about cisco routers…

And expect more to change as I go through this some more.

So I thought I’d go through something incredibly elaborate

and for the fun of it.

I’ve been playing with the latest release of dynamips (0.2.10), and very excitingly it can build for x86_64 OS X!  So I thought I’d build up a good sized network, much like what I first was exposed to when I started doing cisco networking back in the 1990’s.

Sadly I didn’t hold onto any IOS from back then, so I’m using something much newer, 12.2.  Back then I actually had some IGS stuff with version 9, and a bunch of stuff on version 10 & 11.  For the most part I was lucky to use a 7513 as my wan core router, a 7200 for an access router, and 5500’s as my core route/switch fabric with ATM.  It was … very complicated for the day.

To get the ball rolling, I thought I would build out a core site, with a user & server VLAN (voip was a dream back then), and two sites connected via frame relay.  The protocols I most care about will be IPX/SPX and TCP/IP.  I was thinking of porting back the UDP patches for Qemu to version 0.90 so I could run Netware 3.12 in the mix, but honestly it is just easier to use the Netware file & print services for NT 4.0.

So along with the dynamips program, I’m using the obsolete (and easier to configure IMHO) dynagen program.

I’ve fed it a configuration like this:

autostart = False

[localhost]

[[7200]]
image = C7200-JS.BIN
npe = npe-400
ram = 160
idlepc = 0x60529c84
disk0 = 0
mmap = False
ghostios = True

[[ROUTER corertr1]]
model = 7200
slot1 = PA-8E
F0/0 = coresw1 1
E1/0 = coresw1 3
E1/1 = coresw1 8

[[ROUTER corewan1]]
model = 7200
slot1 = PA-8T
F0/0 = coresw1 2
s1/0 = F1 1
configuration = ''

[[ROUTER nycrtr1]]
model = 7200
slot1 = PA-4T+
f0/0 = nycsw1 1
s1/0 = F1 2
configuration = ''

[[ROUTER hkgrtr1]]
model = 7200
slot1 = PA-4T+
f0/0 = hkgsw1 1
s1/0 = F1 3
configuration = ''

#Frame relay switch
[[FRSW F1]]
1:102 = 2:201
1:103 = 3:301

#Core ethernet
#vlan 5 WAN
#vlan 6 server
# 4 FPNW-DC 138.1.1.10
#vlan 7 workstation
[[ethsw coresw1]]
1 = access 5
2 = access 5
3 = access 6
4 = access 6 NIO_udp:41300:127.0.0.1:51300
5 = access 6 NIO_udp:41301:127.0.0.1:51301
6 = access 6 NIO_udp:41302:127.0.0.1:51302
7 = access 6 NIO_udp:41303:127.0.0.1:51303
8 = access 7
9 = access 7 NIO_udp:41304:127.0.0.1:51304

[[ethsw nycsw1]]
1 = access 1
2 = access 1 NIO_udp:41305:127.0.0.1:51305

[[ethsw hkgsw1]]
1 = access 1
2 = access 1 NIO_udp:41306:127.0.0.1:51306

Or something like this

Ok, now this may look complicated, but in all reality it really isn’t.  It is always a good thing to keep track of what network addresses you are going to use, so here is my chart:

Interface  Description       IPX        IP          Mask
CORE
FA0/0      Wan Interconnect  C0000001   138.1.0.5   255.255.255.0
Eth1/0     Server            C0010001   138.1.1.1   255.255.255.0
Eth1/1     User              C0010002   138.1.10.1  255.255.255.0
WAN
Fa0/0      Wan Interconnect  C0000001   138.1.0.6   255.255.255.0
S1/0.102   New York PVC      A0000001   135.0.0.5   255.255.255.252
S1/0.103   Hong Kong PVC     A0000002   135.0.0.1   255.255.255.252
New York
Fa0/0      User              C10000001  136.2.0.1   255.255.255.0
S1/0.201   Core PVC 201      A0000001   135.0.0.6   255.255.255.252
Hong Kong
Fa0/0      User              C20000001  136.1.0.1   255.255.255.0
S1/0.301   Core PVC 301      A0000002   135.0.0.2   255.255.255.252

For simplicity’s sake I’m using 7200’s everywhere for the routers & IOS.  The 7200 is a good router with plenty of slots, so it fits my needs just fine.  I suppose I could track down a 2600 or 1700 IOS image, and use them for the access sites, but for now it doesn’t matter.  Mostly because of the ghostios image option where the same memory map can be shared between routers, and of course my Mac Pro has 16GB of RAM.

Now the exciting part of this configuration is that I can easily connect in Qemu 1.6.0 processes to this configuration, allowing me to test the network out in its entirety.  Even better thanks to it being UDP, I can reboot and restart the Qemu or router processes at will.

Naturally like any test scenario, I should spell out some goals, along with some applications that I hope to be able to run.  So to start, a simple setup with an NT 4.0 server with the FPNW services set up.  To attach Qemu to the first port on the server VLAN in the core switch, I start Qemu like this:

./qemu/qemu-system-i386 -cpu pentium -L ./qemu/pc-bios/ -m 64 -hda FPNW-DC.vmdk -net nic,model=pcnet -net nic,model=ne2k_isa -net socket,udp=localhost:41300,localaddr=0.0.0.0:51300

And from there by changing the UDP numbers I can easily jump VLANs.  Fun.  The major thing is that each additional instance of Qemu will need a unique MAC address, so additional instances should be run like this…

./qemu/qemu-system-i386 -L ./qemu/pc-bios/ -m 16 -net nic,model=pcnet,macaddr=00:11:22:33:44:55 -net socket,udp=localhost:41304,localaddr=0.0.0.0:51304  -fda nwclient-pcnet.vfd
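The port pairing between the dynagen file and the Qemu command lines above, as an added example that is not part of the original post: a Python helper that reads the [[ethsw]] sections, lists every switch port wired to a UDP endpoint with its VLAN, and builds the matching -net options with the two port numbers swapped and a distinct MAC per guest. NET_FILE is a constructed excerpt of the configuration above; the function names and the MAC numbering scheme are assumptions.

```python
import re

# Constructed excerpt: some of the [[ethsw ...]] lines from the dynagen file above.
NET_FILE = """\
[[ethsw coresw1]]
1 = access 5
4 = access 6 NIO_udp:41300:127.0.0.1:51300
9 = access 7 NIO_udp:41304:127.0.0.1:51304
[[ethsw nycsw1]]
1 = access 1
2 = access 1 NIO_udp:41305:127.0.0.1:51305
"""

SECTION_RE = re.compile(r"^\[\[ethsw (\S+)\]\]$", re.IGNORECASE)
PORT_RE = re.compile(r"^(\d+) = access (\d+) NIO_udp:(\d+):([\d.]+):(\d+)$")


def udp_ports(net_text):
    """List the switch ports that are wired to a UDP endpoint."""
    ports, switch = [], None
    for line in map(str.strip, net_text.splitlines()):
        section = SECTION_RE.match(line)
        if section:
            switch = section.group(1)
        elif line.startswith("[["):
            switch = None  # some other section, e.g. [[ROUTER ...]]
        port = PORT_RE.match(line)
        if port and switch:
            num, vlan, local, _host, remote = port.groups()
            ports.append({"switch": switch, "port": int(num), "vlan": int(vlan),
                          "dynamips_port": int(local), "guest_port": int(remote)})
    return ports


def qemu_net_args(entry):
    """Build the -net options for a guest attached to this switch port."""
    # Assumed scheme: QEMU's 52:54:00 prefix plus the guest port, so MACs differ.
    p = entry["guest_port"]
    mac = "52:54:00:%02x:%02x:%02x" % (p >> 16 & 0xFF, p >> 8 & 0xFF, p & 0xFF)
    return ["-net", f"nic,model=pcnet,macaddr={mac}",
            "-net", f"socket,udp=localhost:{entry['dynamips_port']},"
                    f"localaddr=0.0.0.0:{entry['guest_port']}"]
```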

So maybe I should launch into some big diatribe on cisco routers, networking and the rest of the fun stuff.  And maybe I will.

I think the next article will be an anchor page for various topics of what I’m going to get into, and from there evolve my network from the mid 90’s before the internet craze into something far more modern.  And of course a page going over the scope of what I hope to create.

Public Domain Operating System

So, I came across this project from some random google search on Watcom the other day.  Simply put it is a MS-DOS API that is supported in both a 16bit real mode operating system, and a 32bit operating system.  It is quite sparse but very interesting all the same.  Using the ancient EMX port of GCC you can build 32bit (simple) programs, and run them in the 32bit DOS like Operating System.  What makes this even more interesting is that there is a port to the IBM 370, and 390 based hardware, along with the fictional 380.

PDOS-16 booting in Qemu 1.6

PDOS-32 booting in Qemu 1.6

You can download my diskimages, (VMDK & floppy disk) that I’ve used with Qemu to build & boot PDOS both 16bit and 32bit.

The included libc & system libraries are lacking compared to real MS-DOS, but this is public domain code, and with a bit of TLC it could be made into something much more.

Upgrading Debian Squeeze to Wheezy

These are just my notes on what I had to do, while upgrading my VPS from Debian Squeeze (6.0.7) to Debian Wheezy (7.1)

Just to verify what version I’m running:

# lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 6.0.7 (squeeze)
Release:	6.0.7
Codename:	squeeze

First edit the /etc/apt/sources.list to include ONLY

deb http://ftp.de.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.de.debian.org/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

# squeeze-updates, previously known as 'volatile'
deb http://ftp.de.debian.org/debian/ squeeze-updates main contrib non-free
deb-src http://ftp.de.debian.org/debian/ squeeze-updates main contrib non-free

Next we walk apt through an update/upgrade phase to make sure everything is current before we do the actual upgrade

apt-get update
apt-get upgrade
apt-get dist-upgrade

Now we have to make sure no packages are being held from being upgraded:

dpkg --audit
dpkg --get-selections | grep hold

Then we run ‘aptitude’ and press ‘g’ hoping to get the message:

No packages are scheduled to be installed, removed or upgraded

Which means we are ready to proceed with the upgrade!

Now edit /etc/apt/sources.list to ONLY include:

deb http://ftp.de.debian.org/debian wheezy main contrib non-free
deb-src http://ftp.de.debian.org/debian wheezy main contrib non-free
deb http://ftp.de.debian.org/debian wheezy-updates main contrib non-free
deb http://ftp.de.debian.org/debian-security wheezy/updates main contrib non-free

Now we are ready to pull the trigger!

apt-get update
apt-get upgrade
apt-get dist-upgrade

Provided that went well, we can now reboot into the new system!

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.1 (wheezy)
Release: 7.1
Codename: wheezy

Caveats!

The first issue I had was that on re-running apt-get update/apt-get upgrade I got the following errors:

The following packages have been kept back:

db4.8-util ia32-libs

So let’s fix the ia32-libs issue first.  For those who don’t know, ia32-libs lets x86_64 systems run old i386 32bit binaries.  Trying a simple ‘fix’ of installing the libraries got me this:

# apt-get install ia32-libs
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 ia32-libs : Depends: ia32-libs-i386 but it is not installable
E: Unable to correct problems, you have held broken packages.
#

Luckily the fix is rather simple, we need to add the i386 architecture, like this:

# dpkg --add-architecture i386

Then re-run an apt-get update/apt-get upgrade, followed by the installation of the ia32 libraries:

# apt-get install ia32-libs

And that settled that out.

The db4.8-util thing was somewhat easier:

# apt-get install db4.8-util
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  lib32asound2 lib32bz2-1.0 lib32gcc1 lib32ncurses5 lib32stdc++6 lib32tinfo5
  lib32v4l-0 lib32z1 libc6-i386 libio-stringy-perl libjpeg62
  libmono-corlib2.0-cil libmono-i18n-west2.0-cil libmono-posix2.0-cil
  libmono-security2.0-cil libmono-system2.0-cil libmysqlclient16 libsox1b
  libt1-5 mono-2.0-gac
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  libdb4.8
The following packages will be upgraded:
  db4.8-util
1 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 829 kB of archives.
After this operation, 121 kB disk space will be freed.
Do you want to continue [Y/n]? y

Which seemed to be fixing things, but it was an out of date mono installation on my part. So I had to re-add the location where I got my mono:

deb http://debian.meebey.net/pkg-mono ./

Then remove it

apt-get update
apt-get upgrade
apt-get remove mono-2.0

Then remove the mono line from the /etc/apt/sources.list

apt-get update
apt-get upgrade
apt-get install mono-2.0

Another error message I saw in my apache error log was this:

Error: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/suhosin.so' -
/usr/lib/php5/20100525/suhosin.so: cannot open shared object file: No such file or directory in Unknown, line 0

Which can be traced to a no longer supported extension suhosin. So I just purged it from the system:

aptitude purge php5-suhosin

Another problem that has cropped up is the following when adding or removing packages:

dpkg: warning: files list file for package ‘libc6:i386’ missing; assuming package has no files currently installed
dpkg: warning: files list file for package ‘libtinfo5:i386’ missing; assuming package has no files currently installed
dpkg: warning: files list file for package ‘liblzma5:i386’ missing; assuming package has no files currently installed
dpkg: warning: files list file for package ‘libavahi-common-data:i386’ missing; assuming package has no files currently installed

I’m not sure why this suddenly happened.  However the fix is simple enough, we just have to regenerate the lists, something like this for libc:

dpkg-deb -c /var/cache/apt/archives/libc6_2.13-37_i386.deb | awk '{print $6}' | cut -f2- -d. | sed 's|^/$|/.|' | sed 's|/$||' > /var/lib/dpkg/info/libc6:i386.list

And that seems to be it so far.