NM-8A/S module as a terminal server

Using NM-16A/S or NM-32A/S is easy peasy, because they are dedicated terminal server modules and you have octal cables. But NM-8A/S is a bit more complex because you need more cables, adapters, and special commands to get this working. Now, I don’t recommend the NM-8A/S modules but sometimes you can get them really cheap compared to the other ones, so here’s how to set it up as a terminal server:

  • Put the module into a 2621XM router (or any of the routers listed on the NM-8A/S Cisco page).
  • Take a Cisco CAB-232MT cable and connect it to one of the ports on the module.
  • Take the male end of the CAB-232MT cable and connect it to a DB-25 female to DB-9 male adapter.
  • Connect the adapter to a standard Cisco blue console cable.
  • Plug the RJ45 end into some other router’s console port.

Now power up the 2621xm, go to the serial interface (remember that they’re numbered from the right):

conf t

int s1/0

physical-layer async

This puts the serial interface into async mode.

Now issue the command:

show line

This command shows you which line you need to use (in my case it was line 33, because it’s the S1/0 module. If it were the S0/0 module, it would be line 1).

Then, make a loopback0 interface and add an ip address to it:

int loop0

ip addr 10.0.0.1 255.255.255.0

Then, go to the line interface and modify the transport parameters:

conf t

line 33

transport input telnet

transport output telnet

Finally, create a host/port mapping:

ip host R1 2033 10.0.0.1

This maps the address/port to the name of the router that you want to manage.

Now you can manage other routers by telnetting to this router’s loopback interface:

telnet 10.0.0.1 2033

This moves you to the R1 console port.

Alternatively, just type R1 and press Enter.

You can use Shift+Ctrl+6 and then X to leave the managed router and go back to your terminal server.

Now add more mappings for other managed routers:

ip host R2 2034 10.0.0.1

ip host R3 2035 10.0.0.1

ip host R4 2036 10.0.0.1

and so on and so forth.
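The whole procedure above as a small generator, added here as an example that is not part of the original post. It goes beyond the single S1/0 case by assuming the 2600-series numbering rule line = slot × 32 + unit + 1 (which gives line 33 for S1/0 and line 1 for S0/0, as above) and the IOS reverse-telnet convention port = 2000 + line; the function names and the host list are made up for illustration.

```python
# Added example (not from the original post): build the terminal-server config
# for every used port of an NM-8A/S. Host names are constructed sample values.

PORTS_PER_MODULE = 8         # the NM-8A/S has eight serial ports, units 0-7
REVERSE_TELNET_BASE = 2000   # IOS reverse telnet listens on 2000 + line number


def line_number(slot, unit):
    """Async line behind Serial<slot>/<unit>: slot * 32 + unit + 1 (assumed rule)."""
    if not 0 <= unit < PORTS_PER_MODULE:
        raise ValueError(f"NM-8A/S units are 0-7, got {unit}")
    return slot * 32 + unit + 1


def telnet_port(slot, unit):
    """TCP port used in the 'ip host' mapping for that line."""
    return REVERSE_TELNET_BASE + line_number(slot, unit)


def build_config(slot, loopback_ip, hosts):
    """Return IOS config lines; hosts[0] is cabled to unit 0, hosts[1] to unit 1, ..."""
    if not 1 <= len(hosts) <= PORTS_PER_MODULE:
        raise ValueError("need between 1 and 8 managed routers")
    cfg = ["interface Loopback0", f" ip address {loopback_ip} 255.255.255.0"]
    for unit in range(len(hosts)):
        cfg += [f"interface Serial{slot}/{unit}", " physical-layer async"]
    first, last = line_number(slot, 0), line_number(slot, len(hosts) - 1)
    cfg += [f"line {first} {last}" if last > first else f"line {first}",
            " transport input telnet",
            " transport output telnet"]
    for unit, name in enumerate(hosts):
        cfg.append(f"ip host {name} {telnet_port(slot, unit)} {loopback_ip}")
    return cfg


if __name__ == "__main__":
    print("\n".join(build_config(1, "10.0.0.1", ["R1", "R2", "R3", "R4"])))
```

Compare the generated line numbers with the output of show line on the router before pasting, since that output is what tells you which line each port actually got.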

Rack2 – more RAM for the routers

Hello

Today we’re preparing Rack2. The memory cards and the CF reader have arrived so I can add 256 MB more memory to the 1841s and replace the IOS in a comfy way (I don’t like using TFTP for that). It’s just 5 minutes per router so I’m quite happy I can finally prepare routers for the classes the way they should be prepared – packed with memory, new IOS, clean config.

I’m going to use the 2509 access router for this rack because I’m only putting 3 switches and 5 routers in it. Rack3 on the other hand will have up to 12 devices so I’m going to use a 2621xm+NM-32A/S for that.

Kaziu is actually making the rackmount kits (such a pain to find them) so I don’t know what I would do without him 🙂

Anyways, I’m ordering more memory chips and that’ll be it for today.

Next weekend I’m going to make the supershort RJ45 to connect everything in Rack1 and Rack2 and I’ll start both of them up.

When things just work out of the box

I love Meraki access points. You take them out of the box, plug them into your switch, and as long as you have configured DHCP on your router, they just work! Mind you, it is strongly advised to change some security settings because you don’t want to broadcast an open network, but in theory you can just turn the AP on, add the access point to your network in the cloud (by adding the serial number from the back) and that’s it! And the cloud GUI is so clear and easy to use!

If only there were more companies that know how to make the life of the network admin so easy.

More, more, and even more

Hello again

This week we’re getting hold of all the missing bits for Rack2, which means frantic eBay shopping for cables, memory expansion cards, NM modules, flash cards. It’s become a bit tedious because Rack2 is basically a copy of Rack1, so I thought that with each next rack, I’ll try to introduce small modifications. I’m thinking 2504 wireless controllers for Rack3 and Rack4 (April/May) and some voice equipment for Rack5 and Rack6 (September/October).

In the meantime, the 3560v2 with the 15.0 software have arrived but I don’t feel like taking stuff out of Rack1 again, so I’ll put them in Rack2 and Rack3. I also got those ginormous 3745s (so much space for modules!), 2821s and 2851s. They’re a bit heavy so I’ll use only one of those per rack. I didn’t actually calculate in their weight (eBay night shopping… when mind sleeps, hands order chunky routers) so in the future I’ll be ordering only small 8xx routers with 15.4+ IOS. Less power consumption, small and not as heavy, recent IOS.

Rack 1 ready to rumble

Just look at this: isn’t this beautiful? This is the rack that I’m going to use for demos:

1×3560

2×3550 (soon to be replaced by 3560v2 or 3560e)

2651xm + NM-32A (access server)

ASA 5520 (for vpn users)

1×2801

1×1921

5×1841

1×SRX210 (in case I want to draw a comparison with Junos)

In each rack there will be a small Edimax wifi router so that each group can connect to a separate SSID on a separate wifi band.

Big thanks to Kaziu!!! (“otherwise a man would just loaf around on Sunday and wander from corner to corner”)

[Image: dsc_0014]

Blast from the past

Hello

Today I’m checking the 2509 access servers. I was a bit apprehensive because they’d been in my cupboard for a while and I don’t think I ever checked them when I bought them (cheaply!) Anyways, I powered them on and they both froze on bootup. I sent the break command and went into a very ancient ROMMON. I never thought I would use the o/r command again – life can be so funny sometimes. Anyways, the o/r 0x2142 <enter> i <enter> commands helped and I was able to boot the routers. I lucked out and found 8 async octal cables in the cupboard, too. Blimey, do I have useful stuff there!

This got me thinking if I would be able to start an Atari game if I bought one. Start+Option? Was that how you did it?

I’m now booting the 2651xm + NM-32A which will function as two more access servers. Keep your fingers crossed.

CiscoSEC 2016

Hello

Just a short post today because I’ve just come back from the CiscoSEC conference and I’m a tad tired. It was great to hear about all those new things happening in the security area: OpenDNS acquired by Cisco, ISE 2.1 with some really cool features like EasyConnect (eliminating problems with dot1x supplicants), posture & profiling enhancements, threat-centric NAC and so many others; finally the ubercool Cisco Stealthwatch… Then came the scary presentation showing how to use VBA (and social engineering) to take control of someone else’s computer. I’m never gonna click on anything anywhere. Even if it’s from my girlfriend 😉 Kudos to the guy from niebezpiecznik.pl who demonstrated that everything can be hacked.

On a more personal level, I joined ISSA Poland and invited them to come and see the demo of the courses I’m going to run together with WSB. I’m really looking forward to that event (Dec 8!)

New lab part 2 – network plan

[Image: schemat_sieci (network diagram)]

This is how I planned out what the network will look like during our classes. As you can see on the left-hand side, I plan to have 5 routers, 3 switches, 1 console server and 2 power strips. In case we need more devices, we can insert them into the empty slots (it’s a 19U rack). There will be 5 routers in each rack so that we can do VPN tunnels between R1 and R3, where R2, R4, and R5 will simulate ISPs. 3 switches will represent a standard office network; they’re interconnected so that we can practise spanning tree and portchannels.

On the right-hand side I quickly sketched the bird’s eye view of the entire network (there can be more than 3 racks if needed for larger groups, of course). Home users will be able to VPN into their racks, while classroom users will be divided into groups. Each group will connect to their separate wifi network, which will allow them to connect to their console server.

Additionally, I can power up and down each rack remotely using Gembird power strips (not in the picture), because each power strip is connected to a managed power slot on the Gembird (two racks per one Gembird only, even though Gembirds have 4 managed power slots, because my walls are getting strangely warm 🙂).

I spent the whole day putting more memory into the 1841 routers, checking flash cards, IOS etc. I fixed one fan and discovered that something must have eaten one of the fans in a 1841 router.

My homework is rather obnoxious in that I need to make some 20 cm crossover cables and patchcords and I’m a bit clumsy. More than a bit, actually.

That’s all folks!

New Lab part 1 – ZPAS cupboards

Hello

As I’ve said, I’m currently building a new lab that I will be using to teach Cisco courses. This is an ongoing project so some things may still change.

First, I’ll start with the racks. We’ve decided we’re going to use silent cupboards from ZPAS:

http://zpasgroup.pl/szafka-sjb-19-biurowa-silent.html

I’ve bought two sets, together with the power strips, wheelsets, and shelves. What was missing from the set were the M6 mount screws (40 PLN for 100 screws from allegro), and the fan power plug was not made, but overall I love it! It’s really silent when I close the door and it actually looks nice in the living room a.k.a. my interim lab.

[Image: zpas_cupboard]

News news news

Hello

It’s been a hectic few months but it’s been worth it.

  1. We now have a new website http://humanity.pl where you can buy our IT courses. This is something that I’ve been working on for the last 18 months but I never had time to actually make it real. Now my new business partner Dariusz Fedyk and I are working hard to get everything ready in time. If you buy now, you get a huge discount (>50%) so hurry up while stocks last 🙂
  2. We will be doing Cisco courses at WSB in Wroclaw. The first course starts in January but there’s also a demo that you can come and see still in December, see more details at http://www.wsb.pl/wroclaw/kandydaci/szkolenia/lista-szkolen/podstawy-sieci-komputerowych-kursy-dla-poczatkujacych?schedule=0
  3. We’re building a larger lab for our students: this is such a cool project and I will be posting more about the progress soon.
  4. I’ve passed CCNP Security! This took me about 18 months and while the exams themselves are not particularly well written, the experience overall was very good. I learnt a lot and I feel ready to take on CCDP in March next year (just before Junior is born... which is even better news than this whole blog post put together).
  5. I quit my previous full-time job in June, which wasn’t surprising for anyone who knows me. My new job gives me much more freedom and the network is huge with 1000+ routers that I’m directly responsible for and which gives me plenty of room for self-improvement.