NetworkJutsu

Networking & Security Services | San Francisco Bay Area

General

IP Address Management

By 5 Comments

IPAM (IP Address Management) software is important in medium and large network. It may be helpful in a small network depending on how you define small. There are several ways to manage IP addresses and the two well known ways are spreadsheet and IPAM software. Managing IP addresses on a spreadsheet can be a nightmare and provides no automation. IPAM software provides automation and an easy to use interface.

IPAM software ranges from zero dollars to thousands of dollars. If your organization has a budget for a paid version of IPAM, then it’s time for you to research and evaluate all the paid versions out there. If the money is tight, then you’re in luck since there are several free IPAM software out there and this article will concentrate on one of them, which is IPplan.

IPplan is a free (GPL), web based, multilingual, TCP IP address management (IPAM) software and tracking tool written in php 4, simplifying the administration of your IP address space. IPplan goes beyond TCPIP address management including DNS administration, configuration file management, circuit management (customizable via templates) and storing of hardware information (customizable via templates). IPplan can handle a single network or cater for multiple networks and customers with overlapping address space. Makes managing ip addresses and managing ip address space simple and easy!

In this tutorial, it assumes that you have and/or know the following:

  • A physical machine or VM with at least 8GB HDD space and 512MB RAM
  • How to install Ubuntu Linux Server Edition with LAMP
  • How to use an editor in Linux environment

Here are the steps to implement IPAM software using IPplan:

Download and install current Ubuntu Linux Server Edition on a physical machine or virtual machine (VM). Do not forget about LAMP when it asks you what packages you want to be installed during the installation process.

Once done with the installation. Update your Ubuntu box. The step is optional, but I recommend you to update your software.

admin@ubuntu:~$ sudo apt-get update
admin@ubuntu:~$ sudo apt-get dist-upgrade

Once your Ubuntu box has been updated, download IPplan from Sourceforge.

admin@ubuntu:~$ wget http://downloads.sourceforge.net/project/iptrack/ipplan/Release%204.92/ipplan-4.92b.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fiptrack%2Ffiles%2Fipplan%2FRelease%25204.92%2F&ts=1325009788&use_mirror=iweb

Once the download is complete, this will create a file on your home folder – in this case it is in /home/admin. The file is called ipplan-4.92b.tar.gz and with part of the URL. There maybe a way to download it and use a specific name instead of a long name, but unfortunately I do not know how to do it since I have a limited experience with wget command. My remedy is to just change the file name by using the command below.

admin@ubuntu:~$ mv ipplan* test.tar.gz

Once renamed, we need to untar (unzip in Windows term) the file. This tar file will unzip a directory called ipplan.

admin@ubuntu:~$ tar -xvzf test.tar.gz

We need to move the ipplan folder to its proper destination where Apache can access it.

admin@ubuntu:~$ sudo mv ipplan /var/www

We now need to create a database, in this tutorial the name of the database is ipplan. Once the command has been issued, it will ask you for the MySQL password. This is the password that you set up during the installation process.

admin@ubuntu:~$ mysqladmin -u root -p create ipplan

Using root to access database is not a good idea, so we need to create a user called ipplan to access the ipplan database.

admin@ubuntu:~$ mysql -u root -p ipplan

We now need to give all rights to ipplan user to modify and access the ipplan database.

mysql> grant all on ipplan.* to ipplan@localhost identified by 'put_your_ipplan_password_here';

Yes, the single (‘) quotation marks are included in the command. If you forget to put the single quotation marks, it will give you an error.

Reload the rights and exit.

mysql>flush privileges;
mysql>exit

Change the config file of IPplan. Feel free to use your favorite Linux editor. This tutorial is using VI editor to edit configuration files.

admin@ubuntu:~$ sudo vi /var/www/ipplan/config.php

Find the following and change the value of DBF_PASSWORD.

define("DBF_TYPE", 'maxsql');
define("DBF_HOST", 'localhost');
define("DBF_USER", 'ipplan');
define("DBF_NAME", 'ipplan');
define("DBF_PASSWORD", 'put_your_ipplan_password_here');

For security purposes, change the password of the IPplan’s admin account. If you exit out of the config.php, go back and look for

define("ADMINUSER", 'admin');
define("ADMINPASSWD", 'put_your_admin_password_here');
define("ADMINREALM", 'IPplan admin authentication');

We need to change permissions to allow access to /var/www/ipplan directory.

admin@ubuntu:~$sudo chown -R www-data /var/www/ipplan
admin@ubuntu:~$sudo chmod -R 750 /var/www/ipplan

You’re now done with the Linux CLI. We can now access the IPplan webpage by going to the URL below. See the screenshot below.

http://ipplan_ip_address_here/ipplan/admin/install.php

By default, the Upgrade option is selected and needs to be changed to New installation. Leave the Run the SQL Now option. Click Go. You will be asked for the IPplan admin user account. Once done, you will see a webpage just like the one below.

The IPplan is now installed and ready to be configured. To access the webpage, go to the URL below

http://ipplan_ip_address_here/ipplan

I hope this has been helpful and I thank you for reading!

Update: This still works under Ubuntu Server 12.04 LTS.

Reference

IPPLAN – The Easy Tutorial by OpenManiak

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

Configuring Terminal/Access Server

By Leave a Comment

This post shows you how to configure a Cisco router to act as a terminal or access server. Terminal/Access server makes it easy for you to be able to have console access to important devices on your network or if you have a bunch of routers and switches for your CCIE home lab.

Without further delay, here’s the configuration on how to configure your terminal/access server.

TERMSRV (config)# interface loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
 ip add 192.168.0.254 255.255.255.0
!
ip host BB1 2001 1.1.1.1
ip host BB2 2002 1.1.1.1
ip host BB3 2003 1.1.1.1
ip host R1 2004 1.1.1.1
ip host R2 2005 1.1.1.1
ip host R3 2006 1.1.1.1
ip host R5 2008 1.1.1.1
ip host R6 2009 1.1.1.1
ip host S4 2010 1.1.1.1
ip host S3 2011 1.1.1.1
ip host S2 2012 1.1.1.1
ip host S1 2013 1.1.1.1
ip host R4 2014 1.1.1.1
!
end

The commands below are optional. I had problems with my Cisco 2511 and this is the configuration that seemed to fix the issue. Unfortunately, I don’t exactly remember what it was since that was few years ago.

TERMSRV (config)# line 1 16
 flush-at-activation
 transport input telnet
 autohangup
!
end

I hope this has been helpful and I thank you for reading.

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

How to bond T1s

By Leave a Comment

Here are the two methods on how to bond T1s. There may be more methods to do so, but these two are probably the most commonly used in most environments.

Below is how to bond two T1s. You can definitely add more if needed.

Router (config) # interface s0/0/0
 service-module t1 timeslots 1-24
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface s0/1/0
 service-module t1 timeslots 1-24
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface multlink1
 ip address x.x.x.x y.y.y.y
 ppp multilink
 ppp multilink group 1

Second method is how to bond three T1s using Frame Relay encapsulation. You can definitely add more T1s if needed.

interface MFR1
 frame-relay lmi-type cisco
!
interface MFR1.XXX point-to-point
 ip address x.x.x.x y.y.y.y
 frame-relay interface-dlci XXX
!
interface Serial0/0/0
 encapsulation frame-relay MFR1
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay multilink lid first-link
!
interface Serial0/1/0
 encapsulation frame-relay MFR1
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay multilink lid second-link
!
interface Serial0/2/0
 encapsulation frame-relay MFR1
 ip route-cache flow
 service-module t1 timeslots 1-24
 no arp frame-relay
 frame-relay multilink lid third-link
!

I hope this has been helpful and I thank you for reading!

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

Configure Frame Relay Switching on a Cisco router

By Leave a Comment

Whether you are building a CCIE home lab or not, this will help you configure a Cisco router to act as a Frame Relay switch.

To better understand the topology of this particular scenario, I attached a Visio diagram below.

Without further ado, here are the commands to turn your Cisco router to a Frame Relay switch.

FR (config)#frame-relay switching
!
interface serial 1/1
 description R1 to R2 and R1 to R3
 encapsulation frame-relay
 clock rate 128000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 102 interface serial1/2 201
 frame-relay route 103 interface serial1/3 301
!
interface serial 1/2
 description R2 to R1
 encapsulation frame-relay
 clock rate 128000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 201 interface serial1/1 102
!
interface serial 1/3
 description R3 to R1
 encapsulation frame-relay
 clock rate 128000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 301 interface serial 1/1 103
!
end

To verify that this configuration works, let’s configure all three routers and ping the IP of the interfaces.

R1 configuration:

R1 (config)#interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.102 point-to-point
 ip address 2.2.2.1 255.255.255.0
 frame-relay interface-dlci 102
!
interface Serial0/0.103 point-to-point
 ip address 3.3.3.1 255.255.255.0
 frame-relay interface-dlci 103
!
end

R2 configuration:

R2 (config)#interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay lmi-type cisco
!
interface Serial0/0.201 point-to-point
 ip address 2.2.2.2 255.255.255.0
 frame-relay interface-dlci 201
!
end

R3 configuration:

R3 (config)#interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.301 point-to-point
 ip address 3.3.3.3 255.255.255.0
 frame-relay interface-dlci 301
!
end

Ping verification:

R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/15/44 ms
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/15/48 ms
R2#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/19/76 ms
R3#ping 3.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/23/80 ms

Congratulations, you’ve just configured a Cisco router to act as a Frame Relay switch!

I hope this has been helpful and thank you for reading!

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

Network Performance Testing Tool

By Leave a Comment

Knowing the performance of your network and having tool(s) to measure it is important. There are a lot of network performance tool out there and IXIA’s IxChariot is probably the most popular software out there in terms of network performance testing. This software has a lot of features and scripts that will help Network Engineers to view the performance of their network. I actually know someone who uses this software to measure MOS (Mean Opinion Score) and to compare throughput in different WLAN products. Great software comes with price tag, while I do not have the price list of IxChariot, let’s just assume that the organization that you work for do not have the budget to buy such a software. Fortunately, there is a freeware called Iperf or Jperf that can help with your network performance testing.

Iperf is a free cross-platform network testing tool that allows you to create TCP or UDP data streams and measure your network’s throughput. Jperf is basically the same as Iperf, but is displayed in GUI (Graphical Unit Interface) form instead of CLI (Command Line Interface). While GUI is nice, I don’t really like anything written in Java due to past personal experiences, so I try to stick with CLI as long as it is easy to use. I think Iperf is pretty easy to use – thanks to its help file. While it is easy to use, does not mean that I know everything there is to know about it. I am still learning how to use all the command line switches available in this tool. My experience is limited to just putting a load in a circuit and/or just measuring throughput in a WLAN environment, so feel free to experiment using the tool.

As mentioned, this software is cross-platform, so you can choose to run it on Windows or Linux. If you’re using Windows box to run Iperf, you can download the file here. If you’re using Linux, then the link above will suffice. Since I am an Ubuntu Server Edition user, I like using apt-get to download and install software. To download Iperf on Ubuntu, type the command below:

admin@ubuntu:~$ sudo apt-get iperf

Downloading Iperf on one machine is just half of it. You need another end-point to measure network performance. Iperf, IxChariot, and other similar tools are client-server based software. That said, there should be two end-points running the software, one as a server and the other as a client. In this article, I will show you a combination of Linux and Windows as the end-points – Linux is running as server and Window as a client. This is just a very basic test to measure my throughput at home.

On the server side (Linux), issue the command below:

admin@ubuntu:~$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------

On the client side (Windows), issue the command below:

C:Users\Administrator\Desktop>iperf -c 192.168.0.100 -n 500000M -i 1

Once issued, you should see something like this on the client side:

------------------------------------------------------------
Client connecting to 192.168.1.45, TCP port 5001
TCP window size: 8.00 KByte (default)
------------------------------------------------------------
[376] local 192.168.1.20 port 50740 connected with 192.168.0.100 port 5001
[ ID] Interval       Transfer     Bandwidth
[376]  0.0- 1.0 sec  9.20 MBytes  77.2 Mbits/sec
[376]  1.0- 2.0 sec  9.04 MBytes  75.8 Mbits/sec
[376]  2.0- 3.0 sec  9.78 MBytes  82.1 Mbits/sec
[376]  3.0- 4.0 sec  9.91 MBytes  83.2 Mbits/sec
[376]  4.0- 5.0 sec  9.90 MBytes  83.0 Mbits/sec
[376]  5.0- 6.0 sec  9.28 MBytes  77.9 Mbits/sec
[376]  6.0- 7.0 sec  9.56 MBytes  80.2 Mbits/sec
[376]  7.0- 8.0 sec  9.59 MBytes  80.4 Mbits/sec
[376]  8.0- 9.0 sec  9.60 MBytes  80.5 Mbits/sec
[376]  9.0-10.0 sec  8.56 MBytes  71.8 Mbits/sec
[376]  0.0-11.0 sec   104 MBytes  79.5 Mbits/sec

The command above just basically tells Iperf to send 500,000 megabytes worth of TCP data and report the measurement every second. To learn more about the available options, issue the command below:

C:Users\Administrato\rDesktop>iperf - help
Usage: iperf [-s|-c host] [options]
       iperf [-h|--help] [-v|--version]
Client/Server:
  -f, --format    [kmKM]   format to report: Kbits, Mbits, KBytes, MBytes
  -i, --interval  #        seconds between periodic bandwidth reports
  -l, --len       #[KM]    length of buffer to read or write (default 8 KB)
  -m, --print_mss          print TCP maximum segment size (MTU - TCP/IP header)
  -o, --output     output the report or error message to this specified file
  -p, --port      #        server port to listen on/connect to
  -u, --udp                use UDP rather than TCP
  -w, --window    #[KM]    TCP window size (socket buffer size)
  -B, --bind         bind to , an interface or multicast address
  -C, --compatibility      for use with older versions does not sent extra msgs
  -M, --mss       #        set TCP maximum segment size (MTU - 40 bytes)
  -N, --nodelay            set TCP no delay, disabling Nagle's Algorithm
  -V, --IPv6Version        Set the domain to IPv6
Server specific:
  -s, --server             run in server mode
  -U, --single_udp         run in single threaded UDP mode
  -D, --daemon             run the server as a daemon
Client specific:
  -b, --bandwidth #[KM]    for UDP, bandwidth to send at in bits/sec
                           (default 1 Mbit/sec, implies -u)
  -c, --client       run in client mode, connecting to 
  -d, --dualtest           Do a bidirectional test simultaneously
  -n, --num       #[KM]    number of bytes to transmit (instead of -t)
  -r, --tradeoff           Do a bidirectional test individually
  -t, --time      #        time in seconds to transmit for (default 10 secs)
  -F, --fileinput    input the data to be transmitted from a file
  -I, --stdin              input the data to be transmitted from stdin
  -L, --listenport #       port to recieve bidirectional tests back on
  -P, --parallel  #        number of parallel client threads to run
  -T, --ttl       #        time-to-live, for multicast (default 1)
  -Z, --linux-congestion   set TCP congestion control algorithm (Linux only)
Miscellaneous:
  -x, --reportexclude [CDMSV]   exclude C(connection) D(data) M(multicast) S(settings) V(server) reports
  -y, --reportstyle C      report as a Comma-Separated Values
  -h, --help               print this message and quit
  -v, --version            print version information and quit
[KM] Indicates options that support a K or M suffix for kilo- or mega-
The TCP window size option can be set by the environment variable
TCP_WINDOW_SIZE. Most other options can be set by an environment variable
IPERF_, such as IPERF_BANDWIDTH.
Report bugs to iperf-users@lists.sourceforge.net

Being freeware it won’t have all the bells and whistles of the paid software equivalent, so expect some disappointments. However, if you’re just looking for basic stuff that is a little bit powerful than IXIA’s Qcheck application, then this is definitely the tool you need.

I hope this has been helpful and thank you for reading!

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.