25 Oct 2001 – What is a CCIE?
By Greg Ferro, CCIE#6920
In the course of my day-to-day work, people ask me what is a CCIE(tm)? I thought about this for some time. I wrote some notes. And this is what I came up with:
I am a dynamic figure, often seen scaling 8 foot computer racks and charming magnetic security cardswipes. I have been known to remodel SME networks on my lunch breaks, making them more efficient in the area of capital deployment, reliability and performance. I translate technobabble for Management, I write award-winning technical presentations and deliver them better than an American president announcing tax cuts.
I can recite complete chapters of the Cisco Documentation CD, backwards and, with little effort and at the same time, perform decimal to binary conversion for very large numbers.
I woo women with my sensuous and godlike MIDI playing on a notebook. I can pilot computer trolleys up severe inclines with unflagging speed, and I can rack Cisco gear faster than Arnold Schwarzenegger can bench press. I am an expert in network diagramming tools, a veteran in web surfing, and know the Cisco Web Site better than I know my own family.
Just to keep it interesting, I occasionally tread water for three days while programming Cisco practice labs. I manage time efficiently and can complete a timesheet every week. In addition, I know the part number for every Cisco router cable.
Using only a Chinese AC power cord and a large glass of water, I once single-handedly rebuilt the network core of a major co-location facility after the roof fell in. I used to play games, but now it’s serious. I am the subject of numerous urban myths and I am the creator of a few as well. When I’m bored, I test fiber optic cable, calculate power loss sums on UTP and the minimum refraction index for 50 micron multimode fiber. I mean, what IS the point of it?
I understand that DLSW and Source Route Translational Bridging actually have a reason for existence. It’s not just IBM playing a practical joke. Really.
I enjoy urban guerilla activities. I can build an 802.11b parabolic dish antenna using a surplus antenna from a defunct satellite company and a juice can. It has better performance than off the shelf products. I think that having a wind generator and solar array as power backup for my practice lab is not only responsible preparation, it’s environmentally friendly too. On Wednesdays, after work, I repair old monitors free of charge for my local charity.
I know that canonical to non-canonical conversion is not about religion, it’s about “ART.”
Microsoft geeks worldwide swoon over my original line of corduroy evening wear, which I don’t understand — it was supposed to be funny. I don’t perspire. I am a private citizen, yet I receive fan mail. I have been caller number ten and have won the cash jackpot.
I can speak IPX NLSP, AppleTalk, ATM PVC, QoS, and BGP to name a few, and redistribute routes at will, with filtering, using non-contiguous masks. I install IPv6 on customer sites whenever I can, just so I can play with it. Same for OSPF NSSA. Children trust me.
I can hurl squishy giveaway tradeshow toys at sales personnel with stunning accuracy, and ensure that the dweeb from administration gets the blame. I have charisma beyond normal mortals; if I didn’t the boss would have sent the other guy to this exam.
I once read Cisco Quality of Service, Caslow’s Bridges and Routers 2nd Ed, and Jeff Doyle’s Routing TCP/IP Vol 2 in one day, and still had time to practice on a Frame Relay multipoint network, using OSPF and IGRP, split horizon, route maps and ISDN. I know the exact location of every food item in the supermarket and I use a link state protocol to calculate the shortest path to get there.
I have performed several covert operations with the CIA. It was kind of fun having them follow me around. I know that security and privacy are a phantasm-like myth created by “security companies” to extract money from IT Managers who can’t implement a decent security policy. But it’s great fun to play with.
I sleep once a week; when I do sleep, I sleep in a chair. I know exactly how much coffee my body will take to sustain me at peak function. While on vacation, I successfully negotiated with the hotel to fix their network in return for free accommodation. The laws of society do not apply to me.
I balance, I weave, I dodge, I frolic, and my bills are all paid. On weekends, to let off steam, I participate in full-contact tech stock day trading. Years ago I discovered the meaning of life but forgot to write it down.
I can originate default routes, conditionally, after redistributing from a classful distance vector protocol. I have made extraordinary four course meals using my Cisco 7500 lab router as a stove (after all, it runs all the time anyway).
I breed prizewinning idioms. Fox Mulder knows my phone number. I have spoken with Elvis.
I am Cisco Certified Internetwork Expert Number 6920. I do good work on Cisco equipment.
Originally published at Techtarget.
Update: And very much based on this urban legend here http://urbanlegends.about.com/library/blbyol3.htm as pointed out in the comments.
Reverse telnet has been around for a long time. The most common use today is to provide access to the console ports on your Cisco equipment in the data center, so that you can still configure a device after a radical failure has taken its network interfaces away.
This is easy to do. You pick a standard router that has Network Module slots, purchase an NM-16A or NM-32A Asynchronous module. This has four unusual connectors and looks like this.
The CAB-OCTAL-ASYNC cable looks like this. The kit comes standard with eight RJ45-to-DB25 adapters which plug on to the RJ45 connectors on the end of the cable. It’s the RJ45 connectors that you want; you can throw the RJ45-DB25 adapters in the bin.
Once you have installed the module and powered up, you can see these lines:
lontrm01#show line summary
     0: ?... .... .... .... .... .... .... .... .UU-
    36: ---? ??-? ???? ???? ???? ???? ???? ??-U -???
    72: ???? ???? ???? ???? ???? ???? ???
 3 character mode users. (U)
57 lines never used. (?)
 7 lines used, but currently idle. (-)
32 lines do not exist. (.)
 3 total lines in use, 0 not authenticated (lowercase)
lontrm01#
IOS allocates line numbers in a way that looks quasi-random. You should refer to How Async Lines are Numbered on 3600 series Router as a starting point.
The easiest way to see how the TTY lines are laid out is to install the modules and do a “show line”. Remember also that modules count from zero, and start on the bottom right, then up, and back to the bottom on the left and then up.
Plug the RJ45 connection into the console port of your Cisco device.
Configuring IOS for Reverse Telnet
r1#conf t
r1(config)#line 33 64
r1(config-line)#transport input telnet
r1(config-line)#no exec
r1(config-line)#^Z
r1#
From your telnet client, telnet 198.18.1.1 2033 will connect you to line 33, and telnet 198.18.1.1 2034 will connect you to line 34: reverse telnet listens on TCP port 2000 plus the absolute line number.
We have confirmed connectivity.
The SSH server does not listen on the 2000-plus-line-number ports that reverse telnet uses, so each line has to be put in its own rotary group and the SSH listener mapped on to the rotary groups.
! generate the SSH key
crypto key generate rsa
! some of the usual stuff for SSH
ip ssh time-out 60
ip ssh authentication-retries 4
! configure the SSH listener at port 2001 through 2127
ip ssh port 2001 rotary 1 127
ip ssh logging events
!
line 33
 ! set the rotary group the port belongs to, only one port per rotary group
 rotary 1
 ! do not allow the serial line to spawn an exec session as this will lock the port.
 ! This happens when the serial line picks up EMF / EMI.
 no exec
 ! allow the SSH listener to access the port, and nothing else
 transport input ssh
 transport output none
line 34
 rotary 2
 no exec
 transport input ssh
 transport output none
line 35
 rotary 3
 no exec
 transport input ssh
 transport output none
! repeat for every line
You will need to configure your SSH client to connect on the non-standard port, or even better do it at the command line:
ssh -l gf 198.18.1.1 -p 2001
ssh gf@198.18.1.1 -p 2001
Consecutive ports map to consecutive lines, so ssh -l gf 198.18.1.1 -p 2002 will connect to line 34 and ssh -l gf 198.18.1.1 -p 2003 will connect to line 35.
Sometimes a session will not be terminated cleanly and the line will need clearing. Do a show line: the asterisk in the first column shows you which lines are ‘in use’, and clear line releases one.
r1#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
*   33 TTY   9600/9600  -    -      1    -    -     14       0     0/0       -
*   34 TTY   9600/9600  -    -      2    -    -      3       0     0/0       -
    35 TTY   9600/9600  -    -      3    -    -      1       1     0/0       -
    36 TTY   9600/9600  -    -      4    -    -      1       0     0/0       -
-snip-
r1#clear line 33
[confirm]
 [OK]
r1#
r1#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
    33 TTY   9600/9600  -    -      1    -    -     14       0     0/0       -
*   34 TTY   9600/9600  -    -      2    -    -      3       0     0/0       -
    35 TTY   9600/9600  -    -      3    -    -      1       1     0/0       -
    36 TTY   9600/9600  -    -      4    -    -      1       0     0/0       -
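The port arithmetic and the stuck-line check above, as an added Python example (not the post's own code). It assumes the layout used in this post: the async module's TTYs start at line 33, line N sits in rotary group N-32, and `ip ssh port 2001 rotary 1 127` maps rotary group N to TCP port 2000+N. The `show line` sample is a constructed copy of the output shown above; the helper also flags a TTY whose Roty column does not match the expected group, which is the misconfiguration that lands an `ssh -p` on the wrong console.

```python
"""Helpers for a Cisco IOS async terminal server: map TTY lines to reverse
telnet / reverse SSH ports, and find in-use or mis-rotaried lines in the
text of `show line`."""
import re

# Assumed layout from the post: async TTYs begin at line 33 (rotary 1) and
# "ip ssh port 2001 rotary 1 127" puts rotary group N on TCP 2000 + N.
FIRST_ASYNC_LINE = 33
ROTARY_BASE_PORT = 2000


def telnet_port(line):
    """Reverse telnet: IOS listens on TCP 2000 + absolute line number."""
    return 2000 + line


def rotary_for_line(line):
    """Rotary group the post assigns to a line: 33 -> 1, 34 -> 2, ..."""
    return line - FIRST_ASYNC_LINE + 1


def ssh_port(line):
    """Reverse SSH port for a line under the rotary mapping above."""
    return ROTARY_BASE_PORT + rotary_for_line(line)


def line_for_ssh_port(port):
    """Inverse of ssh_port: which console 'ssh -p <port>' lands on."""
    return port - ROTARY_BASE_PORT + FIRST_ASYNC_LINE - 1


# Constructed sample, copied from the "show line" output in the post.
SHOW_LINE_SAMPLE = """\
r1#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
*   33 TTY   9600/9600  -    -      1    -    -     14       0     0/0       -
*   34 TTY   9600/9600  -    -      2    -    -      3       0     0/0       -
    35 TTY   9600/9600  -    -      3    -    -      1       1     0/0       -
    36 TTY   9600/9600  -    -      4    -    -      1       0     0/0       -
-snip-
"""

# A data row: optional leading '*', the line number, then the type (CTY/TTY/VTY).
_ROW_RE = re.compile(r"^\s*(\*?)\s*(\d+)\s+([A-Z]+)\b")


def parse_show_line(text):
    """Parse `show line` rows into dicts. A leading '*' marks a line in use.
    Fixed columns are read from the right because Tx/Rx is blank on the
    console row, which shifts whitespace-split fields by one."""
    rows = []
    for raw in text.splitlines():
        m = _ROW_RE.match(raw)
        if not m:
            continue  # prompt, header, '-snip-' and the like
        fields = raw.replace("*", " ", 1).split()
        roty = fields[-7]  # ... Roty AccO AccI Uses Noise Overruns Int
        rows.append({
            "tty": int(m.group(2)),
            "typ": m.group(3),
            "in_use": m.group(1) == "*",
            "roty": int(roty) if roty.isdigit() else None,
            "uses": int(fields[-4]),
        })
    return rows


def in_use_lines(text):
    """TTYs flagged with '*' in the first column."""
    return [r["tty"] for r in parse_show_line(text) if r["in_use"]]


def clear_commands(text, keep=()):
    """'clear line N' for every in-use line except those in `keep`, the
    sessions you know are genuinely live."""
    return [f"clear line {t}" for t in in_use_lines(text) if t not in keep]


def rotary_mismatches(text):
    """Async TTYs whose Roty column differs from rotary_for_line(), i.e.
    lines where the SSH port would reach the wrong console or none at all."""
    return [r["tty"] for r in parse_show_line(text)
            if r["typ"] == "TTY" and r["roty"] != rotary_for_line(r["tty"])]


if __name__ == "__main__":
    for tty in in_use_lines(SHOW_LINE_SAMPLE):
        print(f"line {tty}: telnet {telnet_port(tty)}, ssh -p {ssh_port(tty)}")
    print(clear_commands(SHOW_LINE_SAMPLE, keep={34}))
    print("rotary mismatches:", rotary_mismatches(SHOW_LINE_SAMPLE))
```

Run it against a saved copy of `show line` before clearing anything: `clear line` on a TTY that is legitimately in use drops a colleague's console session mid-command.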
Why not use something else?
Many people use a Cyclades or some other product to do this. They are often cheaper and have higher density. However, I often waste a lot of time getting the physical cabling sorted out to connect to a Cisco console port. The Cisco NM-16A is a quick and easy solution. Typically I use a 2600 or 3600 series router as my terminal server, so the cost is really only the asynchronous NM module and some cables.
I would also recommend buying the CAB-OCTAL-ASYNC cable from eBay. Typically £25 versus £150 or more from Cisco resellers. The eBay version also comes in five metre lengths, which is useful for running up to your patch panel.
The use of reverse telnet or SSH is vital to creating an effective lights-out, hands-off data centre. It is also critical when building an out-of-band management network for disaster recovery, as this might be the only way to connect to network equipment in the event of a meltdown.
Telnet is not suitable because of its poor security (clear text passwords), so SSH is a necessity. Bear in mind what the terminal server now is: one login on it gives console access to every device cabled behind it, so it deserves the same care as the devices themselves. Force ip ssh version 2 rather than the default of accepting either version, keep its management interface on the out-of-band network rather than the production one, and restrict which source addresses can reach the rotary ports at all.
Please let me know if I have made any typos. Would be happy to fix this up.
I published a follow up to this post at http://etherealmind.com/cisco-ios-reverse-ssh-terminal-server-console-access-part2/
I have been looking at a multi-host data centre, am using MPLS to securely share certain resources, and am considering the architecture for Network Management.
Let’s define the problem. Network Management is software and servers that collect data from my network equipment and present it to me in some useful form. Add to this some documentation and process support tools such as a wiki that holds documentation or a service such as a helpdesk package.
The servers have to have IP addresses, but which addresses should I allocate? If I use something from the RFC 1918 space then it is possible that a given VRF might need to use that range. I don’t need the hassle of buying and maintaining routable addresses (although for a very large data centre this would be easy enough to do).
So I spent some time researching the RFCs and found this little gem.