Logging discriminator on routers and switches, logging lists on ASA


If your routers/switches send useless but high-level messages to your syslog server, you can use a logging discriminator to eliminate some unwanted log messages.


This is an example of a cisco bug message on a Cisco 881 router. It doesn’t mean anything and can only be fixed with an ios upgrade. You can also choose not to do anything about it because nothing is actually broken, but the syslog has a critical class and looks ugly in your kiwi logs.

734605: Jul 15 12:33:26.295 CEST: %SYS-2-CHUNKINVALIDHDR: Invalid chunk header type 1 for chunk 8419EBA4, data 8419FEEC -Process= „Net Background”, ipl= 3, pid= 27,  -Traceback= 0x8084F720 0x80037078 0x8034D438 0x8170FA3C 0x8170D6AC 0x8170D978 0x816E6BD0 0x8190F7CC 0x8190FDC0 0x80C13514 0x8144F354 0x803241D4 0x80C1370C 0x8144F354 0x80B3B538 0x81450CC8

To eliminate this critical syslog entry, use a logging discriminator.

logging discriminator NOCHUNK severity drops 2 facility drops SYS mnemonics drops CHUNKINVALIDHDR

logging console discriminator NOCHUNK

logging monitor discriminator NOCHUNK

logging trap warnings

logging host discriminator NOCHUNK


On firewalls, you need a different approach, because the discriminator has not been implemented on ASA.Therefore, you need to add messages on top of a specific logging level.

Logging message 111111 level errors (find message number in cisco documentation)

or use lists:

logging list my_critical_messages level 1
logging list my_critical_messages message 611101-611323
logging trap  my_critical_messages




IT security nightmares


Today just a list of things you should never do as a network engineer

  • putting guests on the corporate network
  • having the same preshared keys for 5 years
  • not having descriptions on interfaces
  • not having labels on patch panels
  • not having any network documentation
  • using swearwords as passwords
  • whole datacenter connected with one cable to the core switch
  • core switch with CPU spiking to 100% hundred times a day
  • terminal server connecting to that almost-dead core switch
  • having no change management

Much as i hate these things, fixing them makes me feel like a superman / wise rabbi figure. I give myself extra points if i manage to stay calm, too.



Building a home lab


Been a bit busy with my home lab. Here’s what i’ve managed so far:

  • got a public IP from Polkomtel
  • installed the sim card in a Huawei 593s
  • used an old 48 port Dell switch to connect to the Huawei router
  • created a basic 10-router, 6 switch topology to practise configurations for my new job
  • plugged all equipment into my new wonderful GemBird IP PDUs so that I can power on my equipment from the Internet
  • installed two new Cisco terminal servers 2509
  • ordered a second-hand 2621xm + NM-32 terminal server to plug in more devices in the future

I’m still missing a rack (cashflow!) but September looks promising.

Other than that, I’ve been preparing my crowdfunding campaign at http://www.polakpotrafi.pl. It will take a while to cook cause of all the account verifications, but I might be able to actually launch the campaign late July / early August. Leaflets and posters are ready for printing, so this, too, waits for my next salary. Doesn’t everything…

Exam update: I’ve passed JNCIS-ENT. I’m taking SISAS on Wednesday. SITCS needs to wait until end of September or until I do more paid overtime 🙂

Tomorrow I’m finishing the lab so you may expect some diagrams and basic configs.


Exam time


Been a while since the last update but things have never been busier. I’ve passed CCDA and SIMOS, the latter was especially difficult. I’m still taking JNCIS-ENT soon, so I don’t think the courses will start in April as planned before. My current employer is sending me to Norway for a few weeks to launch a new maintenance contract so most likely the first course won’t start until September. But it’s for the better – I will have had more time to get everything ready by then.

As to SIMOS – can’t reveal much without violating NDA, but the exam is definitely more difficult than it would transpire from the exam scope on official exam pages. You need to really dig deep into the official documentation, plus the passmark is rather high. The quality of the exam is typically low and quite embarassing.

With SIMOS passed, I’m halfway through my CCNP security path so two more to go in 2016. I’m also planning to do my JNCIP and CCDP so that I can focus on CCIE entirely in 2017. Ambitious but doable.

Once back from Norway, I should be able to get the first remote rack running. I’ve found a place to run it from so it’s now just a question of assembling and configuring everything.

I’ll try to write a bit more next week after my next exam.

…and it’s off to the races!


The website is finally ready together with the final version of our commercial!

Watch it at https://www.youtube.com/watch?v=KsX8E6oC_iQ 

Course-wise, it looks like April 2 is still on! Leaflets are almost ready to be printed, some hardware testing has been done already, too. First customers are starting to ask about the company, which is surprising if you take into account that i haven’t done any marketing yet. Cool!

From March onwards I’ll start posting network-related materials. I’m thinking a combined Cisco-Juniper course for beginners. We’ll see.






Curriculum is a hard word

Today just a short update. I’m super excited creating a fun-packed learning plan for the first course in April. I’m really interested to see how much can be taught (and internalized) in 6 days. Ideally this should be a flexible plan with CCENT core material + some CCNA and even CCNP stuff on top if there’s enough time after 5pm each day. So those of you who see BGP – do not fear. This only covers the basics and is only there for completeness sake. I don’t want anybody who has attended my course to be unfamiliar with crucial routing concepts, but I cannot possibly expect anybody to be a BGP expert after a 6 days CCENT course. BGP is there so that you’re not afraid of your senior colleagues when they’re discussing their more expert-level stuff.

I expect I’ll finish the bird’s-eye view of the curriculum tomorrow and I’ll get down to detailed activity plans, which should take me around 2-3 months. I’ll keep you updated!


CCENT – because you want to be a hero


A friend of mine saw my website today and she was like: ”ok, but why would I need a CCENT cert in the first place? Tell them why they need your course”. And I realized that she’s spot on – why does anybody need a CCENT?

So what does doing a CCENT course give you?

First of all, this is an important step towards your future career. CCENT is like putting your foot in the door to say: hey, I could be a junior network admin in the future.

Also, it’s a way of finding out if this is something you might enjoy doing. How can you know if you like networks if you’ve never attended a cisco course? 6 days (that’s the duration of my CCENT course) is definitely worth it because this might be a beginning of a great adventure.

Finally, because it’s such a brave new world. Once you’ve mastered the basics, you can move on to new IT learning paths: virtualization, data center, software defined networks, you name it. CCENT can give you a solid foundation that you can build on while exploring technologies like voice, wireless, design etc. It’s a universal key that you will be using over and over and over again. If you speak English, hold a CCENT/CCNA certificate plus you decide to learn a bit about Linux, the world is your oyster.

What do you need to do,then?

  • take my 6 day course
  • read a Cisco official guide
  • watch any CCENT online course
  • use a simulator or buy real gear to lab up what you’ve learnt
  • register at Pearson Vue
  • make an appointment (exam fee is roughly $250)
  • take the CCENT test
  • give yourself a present (a new Cisco router, perhaps?)

So on to Step 1: email me at tdewille@kursyitdlahumanistow.com or call 601079955 between 5 and 8p.m.


How to get started


Beginnings can be scary so to make it less so for you, here’s how you can get started with learning about networks.

  1. You definitely need some reference material,  be it a udemy online course, a cbtnuggets.com subscription,  ine.com subscription, or any cisco press book. Pick a CCENT or CCNA-level course in routing&switching. My personal recommendation is CBTNuggets CCNA course or Chris Bryant’s CCNA course at udemy.com. Both very good value for money and you will have so much fun doing those courses.
  2. You need to lab up everything you learn in the online courses. You have a few options here, because you will either:
  • want to buy real gear
  • use a simulator – not recommended but hey if you’re low on space&cash, this might be a good option. Pick Boson or Cisco VIRL or GNS3.
  • use a remote rack rental service

What do I recommend?  I used to say that real gear is best but Cisco VIRL simulator is such a great tool and recent updates add even more cool stuff that I simply don’t know. If you have a garage or a cellar, get real gear, but don’t overinvest. At the basic CCNA level a whole set doesn’t set you back much, but once you get to the expert level it starts to be really expensive, and I mean REAAALLY expensive. Do your maths and think whether it will pay off for you. It did for me. As to remote rack rental: cool stuff (proctorlabs rules!!!) but in the long run you might want to invest in your own lab, rather than paying for someone else’s equipment.

To sum it up:

  • real gear is by far the coolest option but you need to know what to buy which at the beginning is not that easy.  You should be able to get a CCNA level set for less than $500
  • remote rack rental is good for start because you only pay by the hour. But you don’t see how it all works because you just connect remotely and there’s no cabling, no flickering lights. It’s all out there and this may negatively affect your understanding of how networks actually work. One session (usually 4 hours) is somewhere between 2-4$. You will need about 30-40 sessions to take the CCNA (basic Cisco exam)
  • Cisco VIRL simulator is the next BIG thing. But you need a powerful PC to run it on AND you need to know how to run it as a virtual machine so it’s not for beginners. Check the pricing on the Cisco website because it keeps changing.


What would I do if I were you? I would go to http://www.kursyitdlahumanistow.com and enroll on a 6-day (3 weekends) course. Why? Because it will make you an independent learner. After my course you will know what equipment to buy, what books to read, what exams are worth taking and what to do next. And it’s just $300 which is waaaaaay below what you would pay for reference material+remoterack or live gear.

Have any questions? Email me at tdewille@kursyitdlahumanistow.com (better option) or call 601079955 between 5 and 8 pm (i’m a full time network admin during the day).