The Data Plumber

Just seen something on the j-nsp list about using Multitech USB modems on the USB port of J-series routers, so I thought I’d post a link here for my future reference.

L2TPv3 has been designed to transport layer-2 frames of various types over a layer-3 backbone.  Some aspects of the configuration are similar to that of EoMPLS - just without the need to deploy MPLS!

Packets are tunneled across the layer-3 network completely transparently, such that the two devices appear to be connected together. In the case of ethernet tunneling, there is no learning of MAC addresses - what goes in one side, comes out the other. That includes CDP, Spanning Tree and so on.

Read the rest of this entry »

DPT and RPR (802.17) are both dual ring-topology networks, where the traffic in each ring rotates in different directions.  DPT seems to have come first, it then became a standard of the IEEE in 2004, albeit with a few limitations.  So Cisco support a kind of Cisco-proprietary RPR on some of their equipment (the ONS optical platforms) that they consider better. Read the rest of this entry »

I’m starting to bite my nails - I’ve got the CCIE SP written on Friday and have only just started revising for it this weekend! Ok - I know it isn’t as harrowing as the actual lab (which I have yet to book), but I just can’t decide where to begin… Read the rest of this entry »

I’ve not been posting very much recently because I had a lot of holiday to use up, and also spent a week on a CCIE bootcamp in San Jose. I’m considering going for CCIE number 2 - the service provider one this time! Read the rest of this entry »

Just posting a basic l2circuit configuration for my own reference… Piece of cake really, but it won’t work unless you use a dynamic routing protocol - the static that I had configured wasn’t enough.

Read the rest of this entry »

We’ve just been in the lab trying to get a router upgraded from 8.2 to the latest 8.4R2.3, and have been having some issues…  Read the rest of this entry »

Basic setup to get an IP|Engine onto the network:

View IP configuration:

[ipe]$ ipconfig -d
Current configuration:
[MGT] IPaddr : 192.168.0.1
IPmask : 255.255.255.0
intfMTU : 1500
Gateway :
Hostname : ipe
Serial mode : yes
Copyright (c) Ipanema Technologies 2000-2006
[ipe]$

Configure the IP information:

[ipe]$ ipconfig mgt -a 192.168.1.1 -m 255.255.255.0 -g 192.168.1.254

Set the hostname:

[ipe]$ ipconfig -h MyIPEngine

Permit telnet and SSH access:

[MyIPEngine]$ netconfig +ssh +telnet

You’ll need to reboot after these commands have been entered.  The command is (unsurprisingly) ‘reboot’.

Just been scratching my head about how to change the telnet session timeout on a Juniper SSG-140. I wanted to change from the default of 60 seconds to something more reasonable. Looked in the config and there’s a line in there which reads “set admin auth timeout 60″, but when I try to put in “set admin auth timeout 360″ I get the following:

NS1(M)-> set admin auth timeout 360
^———-unknown keyword timeout
NS1(M)->

Unknown keyword, despite being able to see it in the config?

It seems that I needed to use a different command - “set console timeout 360″. This command governs the console port and any telnet sessions, while the command I thought I needed to use affects WebUI and SSH sessions only.

There are various cipher suites available in the CSS for encrypting SSL traffic (if you have the SSL module, that is…).  You can choose which to support and weight them in your SSL proxy list if you don’t agree with Cisco’s interpretation of which should be used first.

A customer just asked me what key length the “rsa-with-3des-ede-cbc-sha” cipher used, since most of the other cipher names have a key-length in their name, but this one doesn’t.  Also, confusingly, browsers didn’t seem to agree on what was in use either - IE6 said it was 128-bit, Firefox said 168-bit and IE7 didn’t say anything at all/

So I did a bit of exploring to find out what 3DES was all about. Read the rest of this entry »