Mar 4 / Greg

Hidden Internal VLANs on a Cisco 6500

Something interesting about a Cisco 6500 is that it uses hidden internal VLANs. Most people will never be aware of this because the assignment starts in the extended VLAN range. An internal VLAN is created for every port in your chassis that is not an access port.

The command to view these VLANs is “show vlan internal usage”.

6509-router#show vlan internal usage

VLAN Usage
---- --------------------
1006 online diag vlan0
1007 online diag vlan1
1008 online diag vlan2
1009 online diag vlan3
1010 online diag vlan4
1011 online diag vlan5
1012 PM vlan process (trunk tagging)
1013 Control Plane Protection
1014 L3 multicast partial shortcuts for VPN 0
1015 Egress internal vlan
1016 Multicast VPN 0 QOS vlan
1017 IPv6 Multicast Egress multicast
1018 GigabitEthernet5/1
1019 vrf_0_vlan0
1020 GigabitEthernet6/2
1021 FastEthernet9/7
1022 FastEthernet9/6
1023 FastEthernet9/28
1024 FastEthernet9/25
1025 FastEthernet9/13

So, when beginning to do VLAN allocation planning, be sure to take this into account. It is best to begin your extended range VLANs at 1300 or above.
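A way to check a VLAN plan against this output before committing to it, as an added example that is not part of the original post. The sample text is constructed (abbreviated from the listing above), and `review_plan`, `port_vlans` and the `headroom` parameter are hypothetical names; the check assumes allocation keeps counting upward from 1006, as the listing shows.

```python
import re

# Constructed sample in the format of the output above (abbreviated).
SAMPLE = """\
6509-router#show vlan internal usage

VLAN Usage
---- --------------------
1006 online diag vlan0
1012 PM vlan process (trunk tagging)
1018 GigabitEthernet5/1
1019 vrf_0_vlan0
1025 FastEthernet9/13
"""

ROW = re.compile(r"^\s*(\d{4})\s+(\S.*?)\s*$")

def parse_internal_usage(text):
    """Map internal VLAN ID -> usage string from 'show vlan internal usage' output."""
    usage = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and 1006 <= int(m.group(1)) <= 4094:  # extended range only
            usage[int(m.group(1))] = m.group(2)
    return usage

def review_plan(planned, usage, headroom):
    """Classify planned VLAN IDs against the internal allocations.

    conflict: the ID is already an internal VLAN.
    at_risk:  the ID is free now but lies between 1006 and the highest internal
              VLAN plus `headroom`, so a future non-access port could claim it.
    """
    top = max(usage) if usage else 1005
    conflict = sorted(v for v in planned if v in usage)
    at_risk = sorted(v for v in planned
                     if v not in usage and 1006 <= v <= top + headroom)
    return conflict, at_risk

def port_vlans(usage):
    """Internal VLANs held by physical interfaces rather than system functions."""
    return {v: u for v, u in usage.items() if re.match(r"\w*Ethernet\d+/\d+", u)}

if __name__ == "__main__":
    usage = parse_internal_usage(SAMPLE)
    print(review_plan([1010, 1019, 1030, 1100, 1300], usage, headroom=200))
    print(port_vlans(usage))
```

Feed it the full output captured from the chassis and size `headroom` to the number of routed or trunk ports you expect to add.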

Mar 3 / Greg

Mikrotik MUM 09 Presentations

Looks like they have posted up PDFs of the presentations. Most seem to have pretty good information, with one in particular piquing my interest: the Mikrotik API. They have a DLL version and a compiled version you can use with batch files or a script of any kind to call it. They also have a Linux version and the C++ objects. I’ll have some scripts out using it soon 🙂

Update on this: The interface to the API referenced above is proprietary and requires licensing. I’m working on making a Windows interface that requires no such licensing, and should have it out shortly.

Mar 2 / Greg

Failover DNS Change Script

So, as promised, here is my DNS change script. This is written in PHP for a BIND DNS server. Right now it is very simplistic; it is made to change a single A record, but can be adapted to do multiples at once.

This is designed to be used in conjunction with Webmin. Set up a remote monitor in the “System and Server Status” section under “other”.

Webmin will monitor your web server and ensure it is up and returning a webpage that matches a regex statement. If it does go down, it runs our PHP script with the command line parameter of “down”. The script will then change the A record in the BIND file to the secondary server’s IP and then restart the BIND service. Once the server comes back up, the script runs again with “up” on the command line. The up command sets the A record back to the main server. This is meant to be run on the DNS server itself. This could be adapted to issue the rndc command to reload the single zone if you so wanted.

You will want to set the TTL on the A record down to like 60 seconds.
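The up/down record swap described above, sketched in Python as an added example; it is not the PHP script from this post. The record name, the 192.0.2.x addresses, the example.com zone and the names `RECORD`, `TARGETS` and `failover` are all assumptions, and the SOA serial bump is an addition the post does not describe (secondaries only pick up a change when the serial increases).

```python
import ipaddress
import re
import sys

# Hypothetical values for illustration; none of these come from the original post.
RECORD = "www"
TARGETS = {"up": "192.0.2.10", "down": "192.0.2.20"}  # main / secondary web server

# Constructed sample zone, used when the module is run directly.
SAMPLE_ZONE = """\
$TTL 60
@   IN SOA ns1.example.com. admin.example.com. (
        2009030201 ; serial
        3600 900 604800 60 )
    IN NS ns1.example.com.
www 60 IN A 192.0.2.10
mail   IN A 192.0.2.30
"""

A_LINE = re.compile(
    r"^(?P<head>%s\s+(?:\d+\s+)?(?:IN\s+)?A\s+)(?P<ip>\S+)" % re.escape(RECORD), re.M)
SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)")

def failover(zone_text, state):
    """Return zone_text with RECORD's A record set for 'up' or 'down' and the serial bumped."""
    if state not in TARGETS:  # accept only the two arguments the monitor passes
        raise ValueError("state must be 'up' or 'down'")
    new_ip = str(ipaddress.IPv4Address(TARGETS[state]))  # rejects a malformed address
    m = A_LINE.search(zone_text)
    if m is None:
        raise LookupError("A record for %r not found" % RECORD)
    if m.group("ip") == new_ip:  # already in the requested state: leave the zone untouched
        return zone_text
    zone_text = zone_text[:m.start("ip")] + new_ip + zone_text[m.end("ip"):]
    zone_text, n = SERIAL.subn(
        lambda s: s.group(1) + str(int(s.group(2)) + 1), zone_text, count=1)
    if n != 1:
        raise LookupError("SOA serial not found")
    return zone_text

if __name__ == "__main__":
    state = sys.argv[1] if len(sys.argv) > 1 else "down"
    print(failover(SAMPLE_ZONE, state))
```

In real use, write the result to a temporary file in the zone directory and rename it over the zone file so BIND never reads a half-written zone, then restart BIND or reload the zone with rndc as the post describes.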

Click the link below for Webmin setup and the PHP script!
read more…

Mar 1 / Greg

Mikrotik Tutorial – Reset to Factory Default

If you forget your password, there is no recovery procedure for Mikrotiks. You have to go back to factory default! To do this you need to connect your serial cable straight to the Mikrotik and follow the procedures in the video tutorial below.

Click the link below for the VIDEO!
read more…

Feb 27 / Greg

News from MUM09 – Mikrotik User Meeting

I have a buddy over in Prague right now at the MUM. I should have more news from him in the near future. For now this is what he has to say:

MikroTik announced today at the Czech MUM that a new product will be released soon, similar to the 450, it will be a wired router complete with case and power supply for $50 US. The case will be plastic.

This news is AWESOME. This power for $50, that’s unbeatable. I’ve personally gotten 95Mb UDP and 40-45Mb TCP through a 450 (with connection tracking). To get a competing product with throughput and feature-set, you are going to pay at least 7 times as much…and that’s grey market.

Feb 26 / Greg

Webmin – Linux Admin’s BFF

What is Webmin? It is the greatest Linux admin tool ever invented. It is a web-based admin interface for just about any popular linux product. I’ve heard some other admins say “If you can’t do it command line, you aren’t a real admin.” To that I say, I want to be able to take a vacation occasionally! Sure I can admin all that stuff from the command line, but most of my guys at work can’t. If I can teach them to admin, say BIND, easily then I don’t have to be the guy that does everything. Plus, BIND is so much easier to admin through webmin. 😉 I say do yourself a favor and try it. It will, often times, install packages for you if they aren’t already installed!

I pretty much run CentOS exclusively, and the first thing I do on my servers after installing the OS is put on the Webmin RPM. It is as easy as “rpm --install webmin-package-name”.

I use it for:

  • IPtables administration (called Linux firewall under networking). It is a simple method to add/update your iptables rules.
  • BIND DNS administration
  • Apache Webserver
  • VSFtp
  • Samba
  • Chkconfig (linux services)
  • Setting up cron jobs
  • Doing some simple ICMP monitoring

Feb 25 / Greg

My Thumb Drive 4

More stuff on my drive.

Sequoia view – This is an extremely useful tool when you have a full hard drive.  What it does is crawl a drive and show how each folder is utilized in an interesting visual way.  It uses colored squares.  Each color represents a different file type.  The size of the square represents how large the file is.  It helps you to QUICKLY and easily find space hogs and delete them.  This has found use on the C drive of many an exchange server.

Restoration – Another one of your standard undelete programs.

Colasoft Packet Builder – You can use this guy to craft packets and send them at varying intervals on your network.  This is great for all sorts of testing.

Colasoft Packet Player – This is another cool prog.  You can replay packets captured from wireshark back into your network.

srvany/instsrv – These two programs were put out on a M$ resource kit cd.  You can google for them and find a download.  What these do is allow you to run any executable program as a service.  I’ve run many a program in this fashion.  This is for the MacGyver in all of us.

Cain & Abel – Many virus scanners will pick this up, though it is clean.  The Abel prog can be used to exploit machines, and I never personally use it.  Cain on the other hand is very useful.  You can use Cain to decrypt many password types easily.