Posts

DHCP Option 82 in ISP network - Customer IP assignment (DHCP Snooping & IP Source Guard) with Cisco IOS

The other day I was testing how my ISP is protecting itself from customer exploitation. Normally I directly connect my router to the network cable provided by the ISP. This time around I connected a switch to the network cable from the ISP. Then I configured the switch port (ISP connection) as an access port in a VLAN and configured 2 other switch ports in the same VLAN. Then I connected 2 routers, expecting they would be assigned 2 IP addresses (1 for each router). To my surprise only one of the routers was getting a dynamically assigned IP address from the ISP. The second router was not getting any IP address at all. I even went further and set a static IP address (from the ISP network) on the second router. Another surprise - even with the static IP assignment, that router could not even ping the ISP's gateway. That got me thinking - how is the ISP protecting itself from such customer exploitation in the first place? Disclaimer - This is just a story to show the readers how the tec
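The behaviour in the story (one lease per customer port, and a statically addressed second router that cannot even reach the gateway) is what DHCP snooping with Option 82 insertion and IP Source Guard produce on the ISP's access switch. The following is an added example, not code from the post: a small model of that access switch and of the ISP's DHCP server. The server policy (one lease per Option 82 circuit-id), the port name Gi1/0/5, the remote-id, the MAC addresses and the 203.0.113.0/24 pool are all assumptions chosen for illustration.

```python
"""Model of DHCP snooping, Option 82 insertion and IP Source Guard on an ISP access switch.
Added illustration; the one-lease-per-circuit-id policy and all addresses are assumed."""
from dataclasses import dataclass

# DHCP option and sub-option codes (RFC 2132, RFC 3046) and message types
OPT_RELAY_AGENT, SUBOPT_CIRCUIT_ID, SUBOPT_REMOTE_ID = 82, 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5


def encode_option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Option 82 TLV: code, length, then circuit-id and remote-id sub-option TLVs."""
    body = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
            + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    return bytes([OPT_RELAY_AGENT, len(body)]) + body


def decode_option82(options: bytes) -> dict:
    """Walk a DHCP options blob and return the Option 82 sub-options as {code: value}."""
    subs, i = {}, 0
    while i < len(options):
        code = options[i]
        if code == 255:            # end option
            break
        if code == 0:              # pad
            i += 1
            continue
        length, value = options[i + 1], options[i + 2:i + 2 + options[i + 1]]
        if code == OPT_RELAY_AGENT:
            j = 0
            while j < len(value):
                subs[value[j]] = value[j + 2:j + 2 + value[j + 1]]
                j += 2 + value[j + 1]
        i += 2 + length
    return subs


@dataclass
class DhcpMsg:
    msg_type: int
    client_mac: str
    in_port: str            # switch port the message arrived on
    yiaddr: str = ""        # address offered/acknowledged by the server
    options: bytes = b""


class IspDhcpServer:
    """Assumed ISP policy: exactly one lease per Option 82 circuit-id, i.e. per access port."""
    def __init__(self, pool):
        self.pool, self.leases = list(pool), {}   # leases: circuit_id -> (mac, ip)

    def handle(self, msg):
        circuit = decode_option82(msg.options).get(SUBOPT_CIRCUIT_ID)
        if circuit is None or msg.msg_type not in (DISCOVER, REQUEST):
            return None
        held = self.leases.get(circuit)
        if held and held[0] != msg.client_mac:
            return None                       # port already holds a lease for another MAC: stay silent
        if held is None:
            if not self.pool:
                return None
            held = self.leases[circuit] = (msg.client_mac, self.pool.pop(0))
        reply = OFFER if msg.msg_type == DISCOVER else ACK
        return DhcpMsg(reply, msg.client_mac, "uplink", yiaddr=held[1], options=msg.options)


class AccessSwitch:
    def __init__(self, trusted_ports, remote_id=b"isp-sw1"):
        self.trusted, self.remote_id = set(trusted_ports), remote_id
        self.bindings = {}    # DHCP snooping binding table: (port, mac) -> ip

    def snoop(self, msg):
        """DHCP snooping for one message: returns the message to forward, or None to drop it."""
        if msg.msg_type in (OFFER, ACK):
            if msg.in_port not in self.trusted:
                return None                   # DHCP server replies are only accepted on trusted ports
            if msg.msg_type == ACK:           # learn the binding from the server's ACK
                port = decode_option82(msg.options).get(SUBOPT_CIRCUIT_ID, b"").decode()
                self.bindings[(port, msg.client_mac)] = msg.yiaddr
            return msg
        if msg.in_port not in self.trusted:
            if decode_option82(msg.options):
                return None                   # client-supplied Option 82 is not trusted
            tagged = msg.options + encode_option82(msg.in_port.encode(), self.remote_id)
            return DhcpMsg(msg.msg_type, msg.client_mac, msg.in_port, options=tagged)
        return msg

    def ipsg_permit(self, port, src_mac, src_ip):
        """IP Source Guard: an untrusted port may only source traffic matching a snooped binding."""
        return port in self.trusted or self.bindings.get((port, src_mac)) == src_ip


def run_scenario():
    """Two routers behind one customer port, as in the story. Returns (switch, {mac: lease})."""
    sw, server, leases = AccessSwitch({"uplink"}), IspDhcpServer(["203.0.113.10", "203.0.113.11"]), {}
    for mac in ("aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"):
        leases[mac] = None
        for mtype in (DISCOVER, REQUEST):
            upstream = sw.snoop(DhcpMsg(mtype, mac, "Gi1/0/5"))
            reply = server.handle(upstream) if upstream else None
            if reply is None:
                break
            sw.snoop(reply)                   # OFFER is relayed; ACK populates the binding table
            leases[mac] = reply.yiaddr
    return sw, leases
```

`run_scenario()` reproduces the story: the first router gets 203.0.113.10, the second gets no reply at all, and `ipsg_permit` drops the second router's frames even when it configures a valid address statically, because no binding exists for its MAC on that port. The `decode_option82` check on untrusted ports mirrors the default of dropping client frames that already carry Option 82, which is what stops a customer from forging a circuit-id.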

Working with Cisco Support APIs using Python (Part I)

Nowadays the buzzword is to consume everything through automation and programming, and one way that consumption is achieved is by using REST APIs and JSON. Let's talk about one such API provided by Cisco - the Support APIs. What are the Cisco Support APIs? Cisco's own definition is - Cisco Support APIs allow us to programmatically access and consume Cisco Support data in the cloud in a simple, secure, and scalable manner. Let's make our own, more easily explained definition - We have a Cisco Catalyst switch; we want detailed information about our switch such as bug lists, end-of-life data, recommended software suggestions, etc. The Cisco Support APIs allow us to retrieve all of the above and much more by consuming their support APIs from the cloud. Before going further I need to introduce two URLs which are required to follow this blog post -  https://apiconsole.cisco.com . This is the administrative portal where we configure our API access, tokens etc. https://developer.c

Cisco IOS-XE based Router/Switch updating IOS in install mode

With IOS-XE based network devices, Cisco introduced a new way to run the operating system called "install mode". The old/legacy way to load the operating system is still there and is now called "bundle mode". The recommended way to run the OS on IOS-XE based devices is install mode. In "install mode" the operating system files are already extracted as "pkg" files and they are loaded into the device's memory using a provisioning file named "packages.conf". Because the OS files are already extracted and loaded directly into memory, this mode has a faster boot time and consumes less RAM than bundle mode (legacy), which is why it is the recommended method. Cisco has a long list of documentation on how to use "install mode" on network devices. In today's post I will show how to use install mode during a firmware update in a way that leaves the network administrator in full control of each step. Let's introduce our topology -  Topology
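The step-by-step sequence that install mode makes possible, as an added example and not the post's own walkthrough: each `install` sub-command is issued separately so the administrator controls when the new packages are expanded, when the device reloads on them, and when the change becomes permanent. The image file name, the bootflash: location and the Switch# prompt are assumptions; substitute your own image and device.

```cisco
! 1. Confirm the device is running in install mode (boot variable points at packages.conf)
Switch# show version | include INSTALL
Switch# dir bootflash:packages.conf

! 2. Expand the new .bin into its .pkg files and stage a new packages.conf (no reload yet)
Switch# install add file bootflash:cat9k_iosxe.17.09.04a.SPA.bin

! 3. Review what is staged before touching the running system
Switch# show install summary

! 4. Activate the staged packages; the device reloads onto the new version after the prompt
Switch# install activate

! 5. After verifying the device post-reload, make the new version permanent
Switch# show install summary
Switch# install commit

! 6. Reclaim flash by deleting packages that are no longer active
Switch# install remove inactive
```

If something is wrong after the reload in step 4, the activation is not yet committed and `install abort` (not shown above) rolls the device back to the previously committed packages; that window between activate and commit is the point of running the steps separately rather than as a single `install add file ... activate commit`.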

Private VLAN on Arista EOS Switch (How ISP isolates traffic between subscribers)

The other day, I was looking at the ARP table entries on my home router and found a funny thing going on:

$ show arp
Address        HWtype   HWaddress            Iface
10.10.10.1     ether    04-96-AF-EF-C6-53    eth0
10.10.10.10    ether    04-96-AF-EF-C6-53    eth0

The ARP table above is an example that hides the actual IP addresses and MAC addresses. Here my IP address is, let's say, 10.10.10.50/24 and the GW is 10.10.10.1. Now the question is why another subscriber of the ISP in the same subnet (10.10.10.10) also has the same MAC address as my GW (04-96-AF-EF-C6-53). We are in the same IP network/VLAN (the ISP definitely configured it that way), but my router cannot see the actual MAC address of other devices in the network. The reason is that my ISP is isolating devices at layer 2 using a technique called private VLAN. All of my layer-2 and layer-3 traffic within my subnet is proxied through the ISP router. We the different subscribers cannot see each other
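The ARP table above follows directly from two mechanisms working together: the private VLAN only lets an isolated subscriber port exchange frames with the promiscuous (router) port, and the ISP router answers ARP requests for every on-link address with its own MAC (proxy ARP). The following model is an added example, not the post's code, and reuses the anonymised addresses and MAC from the post; the port names, the second subscriber's MAC and the assumption that the router runs local proxy ARP are illustrative.

```python
"""Model of private VLAN flooding plus router proxy ARP, explaining the ARP table above.
Added illustration; port names, the neighbour's MAC and the proxy ARP setting are assumed."""
from dataclasses import dataclass

SUBNET = "10.10.10."
ROUTER_MAC = "04-96-AF-EF-C6-53"      # the gateway MAC from the post's (anonymised) ARP table


@dataclass
class Port:
    name: str
    kind: str        # "isolated" (subscriber) or "promiscuous" (ISP router)
    mac: str
    ip: str
    proxy_arp: bool = False


class PvlanSwitch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def egress_ports(self, in_port):
        """Ports a broadcast from in_port is flooded to: isolated ports never reach each other."""
        src = self.ports[in_port]
        return [p.name for p in self.ports.values()
                if p.name != in_port and "promiscuous" in (src.kind, p.kind)]

    def resolve(self, requester_port, target_ip):
        """Broadcast 'who-has target_ip' from requester_port; return the MAC the requester learns."""
        for name in self.egress_ports(requester_port):
            p = self.ports[name]
            if p.ip == target_ip:
                return p.mac                      # the real owner answers (only reachable if flooded to)
            if p.proxy_arp and target_ip.startswith(SUBNET):
                return p.mac                      # router answers on behalf of any on-link address
        return None

    def arp_table(self, requester_port, targets):
        """What 'show arp' would look like on the host behind requester_port."""
        return {ip: self.resolve(requester_port, ip) for ip in targets}


def build_isp_segment():
    """Constructed topology: ISP router on the promiscuous port, two subscribers on isolated ports."""
    return PvlanSwitch([
        Port("Ethernet1", "promiscuous", ROUTER_MAC, SUBNET + "1", proxy_arp=True),
        Port("Ethernet2", "isolated", "aa-aa-aa-00-00-50", SUBNET + "50"),   # "my" router
        Port("Ethernet3", "isolated", "bb-bb-bb-00-00-10", SUBNET + "10"),   # another subscriber
    ])
```

From the subscriber port `Ethernet2`, `arp_table("Ethernet2", ["10.10.10.1", "10.10.10.10"])` maps both addresses to the router's MAC, exactly as in the post's output: the ARP request never reaches `Ethernet3`, and the router's proxy reply is the only one that comes back. From the router's own promiscuous port the real MAC of 10.10.10.10 is still visible, which is what lets the router forward subscriber-to-subscriber traffic after it has been handed to it at layer 3.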