I haven't posted for a while. Work has been hectic, I failed my CCIE written and lost all motivation, and many other excuses. Whilst I haven't really been studying CCIE stuff, I have been productive. I have been learning Python. I decided to automate the process of loading the INE initial configs onto my CSR routers, using a Python script, and the power of pexpect …Read whole post...
Recently we had a Cisco Web Security Appliance (WSA) Proxy fail. When I say fail, I mean a single stick of RAM failed after a reboot. Cisco said RAM isn't replaceable so we had to RMA the whole box (odd for a device that is basically a rebadged server...maybe I have a money saving idea for you Cisco!)
There were a few steps to …Read whole post...
I was recently involved in a project upgrading the core firewall pair from Checkpoint R71.40 SPLAT to R77.20 GAiA. While very different, a lot of the configuration is pretty straight forward, and well documented in various articles on the Checkpoint website.
This setup runs BGP on the firewalls, to learn routes from our internal VRF's and also the WAN VRF where our MPLS …Read whole post...
We have just undertaken a project to upgrade the Checkpoint Management server from R71.40 to R77.20. It went very smoothly, and was probably a lot easier than I first expected.
The first thing to note is that this upgrade cannot be done direct. In accordance with the upgrade path, you must first upgrade to R75.40.
Luckily for us, we had shiny new …Read whole post...
What you don't need while you are checking your morning emails and drinking your first cup of coffee of the day is to receive an email saying that the VSM for the Nexus 1k has rebooted.
By the time we logged on to the Nexus 1000v, it was back up. "show system redundancy status" showed both VSM's (supervisors) as being up and HA. The "show …Read whole post...
This is a very short section! I didn't see the point in harping on about wireshark, I use it most days at work. And the IOS embedded packet capture was discussed in length further up the blueprint (i.e. in a previous blog post).
1.3.c Interpret packet capture
1.3.c (i) Using Wireshark trace analyzer
Packet capture can be obtained using a …Read whole post...
This is another difficult section in the blueprint to write about. I find troubleshooting techniques and methodologies to be quite personal; no two people's brains work the same way. I guess this is based on how I do things and some tips I've received from a few people over the years.
1.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify …Read whole post...
1.3.a Use IOS troubleshooting tools
1.3.a (i) debug, conditional debug
Debugs can be used on a wide range of functions (debug ?). Some debugs can be very noisy. Debug conditions can be set to filter out some of the noise – for example debug condition interface fa0/0 will limit the debug information to things using that interface. Undebug all does not remove …Read whole post...
As the blueprint goes, this is, in my opinion, the most vague topic to write about. It is dependent on the understanding of the topics, and how the changes will impact the existing network. I have skimmed through this really, with the intention of covering the topics in their actual topic sections. I am pretty used to evaluating impact - I seem to spend my entire …Read whole post...
This topic made me think about the starvation stuff. I suppose it is pretty obvious that UDP wouldn't back off if WRED was employed, but it's something I never really thought about.
I found a few good videos on YouTube which gave some good RTP/RTCP overviews.
1.1.f (i) Starvation
TCP Starvation / UDP Dominance is experienced in times of congestion where UDP and …Read whole post...
- Check Point
- Feature Navigator
- General Networking
- Monitor Capture
- network type
- Nexus 1000v
- Packet Capture
- Palo Alto
- Parser Views
- Raspberry Pi
- Spanning Tree
- Study Notes