Posts

[Video] How to create Microsoft Azure Account for Free.!! Deploy your first VM and avail services for a year

This video demonstrates how to sign up for a Free Tier Microsoft Azure account and deploy a Windows 10 virtual machine that can be accessed from anywhere in the world. We will talk about the signup process, selecting the right VM size based on our requirements, deploying the VM and then finally accessing the VM through RDP.

[Video] How to Run Cisco IOU in GNS3 VM?

This video shows how to download and configure the GNS3 VM for running Cisco IOU images.

It also covers downloading and installing GNS3 appliances from the GNS3 marketplace to run Cisco IOS Over Unix.

[Video] Fetch Network Inventory from Ansible | Get Serial & model number and OS version of network devices

Fetch network inventory using Ansible. Depending on what information we need, we can include the relevant parameters in the ansible-playbook. Using Ansible saves a lot of time on tasks that need to be performed on devices in bulk.

[Video] Install Ansible and run your first playbook

Are you a network engineer who wants to know where to start with network automation? Or do you want to learn how to install and configure an Ansible server and run your first ansible-playbook?

RSA key save Error Resolution in Ansible

If you are also struggling while running ansible-playbook against new hosts and getting an error like the one shown below, you have two options: either connect to each host one by one to save that host's RSA key on your Ansible server, or disable host key checking in the Ansible configuration file. With checking disabled, Ansible no longer verifies the key a host presents. Here is how to disable it.

Edit or create either of the following files:

/etc/ansible/ansible.cfg or ~/.ansible.cfg

and add the following to the file:

[defaults]
host_key_checking = False


Error Message before disabling host key checking
fatal: [ios-xe-02]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "changed": false, "msg": "paramiko: The authenticity of host '[ios-xe-02]:8181' can't be established.\nThe ssh-rsa key fingerprint is b'b7e974a8cbf96d464f7be3e12a86d265'."}
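
The first option above (saving each host's key) can be done without accepting whatever key appears on first connect. The following Python code is an added example, not part of the original post: it recomputes the MD5 hex fingerprint that the paramiko error prints from a known_hosts-format line, and appends the line only when it matches a fingerprint obtained out of band (for example from the device console). The sample key, the function names and the known_hosts path passed in are assumptions made for illustration.

```python
import base64
import hashlib
import struct
from pathlib import Path


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data


# Constructed sample key blob (not a real device key): type, exponent, modulus.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(bytes(range(1, 129))))
# Constructed known_hosts / ssh-keyscan style line for the host in the error.
SAMPLE_LINE = "[ios-xe-02]:8181 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()


def md5_fingerprint(line: str) -> str:
    """Hex MD5 of the decoded key blob, the form the paramiko error prints."""
    _host, _keytype, blob_b64 = line.split()[:3]
    return hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'B7:E9:...' or 'b7e9...' and return lowercase hex without colons."""
    return fingerprint.replace(":", "").strip().lower()


def pin_if_trusted(line: str, trusted_fp: str, known_hosts: Path) -> bool:
    """Append line to known_hosts only if its fingerprint equals trusted_fp."""
    if md5_fingerprint(line) != normalize(trusted_fp):
        return False  # mismatch: leave the file untouched and investigate
    existing = known_hosts.read_text().splitlines() if known_hosts.exists() else []
    if line not in existing:  # keep the file free of duplicate entries
        with known_hosts.open("a") as fh:
            fh.write(line + "\n")
    return True


if __name__ == "__main__":
    import tempfile
    target = Path(tempfile.mkdtemp()) / "known_hosts"  # scratch file, not ~/.ssh
    console_fp = md5_fingerprint(SAMPLE_LINE)  # stands in for the out-of-band value
    print("matching key pinned:", pin_if_trusted(SAMPLE_LINE, console_fp, target))
    print("wrong key pinned:", pin_if_trusted(SAMPLE_LINE, "00" * 16, target))
```

With the key pinned this way, host_key_checking can stay at its default and the playbook runs without the authenticity error.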


Ansible - Network Debug and Troubleshooting

Sometimes an ansible-playbook that you created fails with errors that you are not able to understand.

To find out why the ansible-playbook is not working, we can enable debugging and logging. The following steps enable logging in Ansible.


Before running ansible-playbook, run the following commands to enable logging:

# Specify the location for the log file
export ANSIBLE_LOG_PATH=~/ansible.log
# Enable Debug
export ANSIBLE_DEBUG=True
# Run with 4*v for connection level verbosity
ansible-playbook -vvvv ...

After Ansible has finished running, you can inspect the log file which has been created on the ansible-controller:

less $ANSIBLE_LOG_PATH

2017-03-30 13:19:52,740 p=28990 u=fred |  creating new control socket for host veos01:22 as user admin
2017-03-30 13:19:52,741 p=28990 u=fred |  control socket path is /home/fred/.ansible/pc/ca5960d27a
2017-03-30 13:19:52,741 p=28990 u=fred |  current working directory is /…

Get Model Number and Serial number of Cisco devices using ios_facts module

This ansible-playbook gets the model number and serial number of Cisco devices using the ios_facts module.

---
- name: Define Parameters
  hosts: XE
  gather_facts: no
  connection: network_cli
  tasks:
    - name: Get the facts
      ios_facts:
        gather_subset: all
    - name: Display model and serial number
      debug:
        msg: "Model number of {{ ansible_net_hostname }} is {{ ansible_net_model }} and serial number is {{ ansible_net_serialnum }}"


https://docs.ansible.com/ansible/latest/modules/ios_facts_module.html

Adding and Editing ACL on Cisco IOS using Ansible

Ansible playbook for adding a new ACL to Cisco IOS devices.
---
- name: Define Paramenters
  hosts: XE
  connection: network_cli
  tasks:
    - name: load new acl into device
      ios_config:
        lines:
          - 10 permit ip host 192.0.2.1 any log
          - 20 permit ip host 192.0.2.2 any log
          - 30 permit ip host 192.0.2.3 any log
          - 40 permit ip host 192.0.2.4 any log
          - 50 permit ip host 192.0.2.5 any log
          - 60 permit ip host 192.0.2.6 any log
        parents: ip access-list extended test
        before: no ip access-list extended test
        match: exact


[prashant@Prashant-VM01 ~]$ ansible-playbook play07.yml -i /home/prashant/inventory -u developer -k
SSH password:
PLAY [Define Paramenters] ***************************************************************************************************************
ok: [ios-xe-mgmt-latest.cisco.com]
ok: [ios-xe-mgmt.cisco.com]
TASK [load new acl into device] *************************************************************…

Specifying SSH port in Ansible Inventory

There may be some instances where you set a custom port for SSH on your network device. If the SSH port for a host is different from the default port 22, it can be specified in the inventory file with a colon (:) after the hostname.
#vi inventory
# Inventory file for Ansible
[XE]
ios-xe-mgmt.cisco.com:8181
ios-xe-mgmt-latest.cisco.com:8181
[XR]
sbx-iosxr-mgmt.cisco.com:8181

Configure interfaces with Ansible

Today we will be configuring network devices from Ansible using ios_config module.

Ansible playbook to create loopback interfaces and add description
---
- name: Define Parameters
  hosts: XE
  gather_facts: no
  connection: network_cli
  tasks:
    - name: Create loopback interfaces
      ios_config:
        lines:
          - description loopback interface by prashant
        parents: "{{ item }}"
      with_items:
          - interface loopback 25
          - interface loopback 30
          - interface loopback 35

Ansible-playbook for backing up running config of Cisco IOS

This ansible-playbook can be used to back up the running configuration from Cisco IOS devices. You can refer to my earlier post Getting Started with your first ansible-playbook for Network Automation to learn about the parameters used in this playbook.

Inventory file
# Inventory file for Ansible
[XE]
ios-xe-mgmt.cisco.com:8181
ios-xe-mgmt-latest.cisco.com:8181
[XR]
sbx-iosxr-mgmt.cisco.com:8181
[all:vars]
ansible_network_os=ios

Playbook
---
- name: Define Parameters
  hosts: XE
  gather_facts: no
  connection: network_cli
  tasks:
   - name: backup the config
     ios_config:
      backup: yes
     register: backup_config
   - name: Store the config to directory
     copy:
      src: "{{ backup_config.backup_path }}"
      dest: "/tmp/backups/{{ inventory_hostname }}"

Getting Started with your first Ansible Playbook for Network Automation

Installing Ansible and related components

Updating Yum
# sudo yum -y update

Install python3-pip
# sudo yum install python3-pip

Install/upgrade ansible to latest version
# sudo pip3 install ansible

Install/upgrade paramiko to latest version
# sudo pip3 install paramiko

Verify the status/version of tools installed
pip3 --version
python3 --version
ansible --version

Install and check version of ansible installed
[developer@devbox Network_Support]$ansible --version
ansible 2.7.8
  config file = /home/developer/Network_Support/ansible.cfg
  configured module search path = ['/home/developer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.5 (default, Jul 19 2018, 10:49:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]


Create inventory file
[developer@devbox Network_Support]$vi inventory

# Inventory file for Ansible

[P-Switches]
P-1 ans…

Getting Started with your first Ansible Playbook for Network Automation

Install and check version of ansible installed
[developer@devbox Network_Support]$ansible --version
ansible 2.7.8
  config file = /home/developer/Network_Support/ansible.cfg
  configured module search path = ['/home/developer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.5 (default, Jul 19 2018, 10:49:52) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Create inventory file
[developer@devbox Network_Support]$vi inventory
# Inventory file for Ansible
[P-Switches]
P-1 ansible_host=172.16.30.82
P-2 ansible_host=172.16.30.83
[PE-Switches]
PE-1 ansible_host=172.16.30.84
PE-2 ansible_host=172.16.30.85
PE-3 ansible_host=172.16.30.86

In the above inventory file, we specified two groups, namely P-Switches and PE-Switches, with two and three hosts within them respectively.
Ansible groups can be useful for segregating the devices based on …

Spanning Tree Protocol Operation

Whenever there is redundancy in the network, there is a chance that loops will form. When loops are at layer 3, the TTL value in the packet header saves the packet from looping endlessly. Similarly, to avoid loops at layer 2, Spanning Tree Protocol (STP) comes into play. STP exchanges BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge interfaces. This algorithm guarantees that there is only one active path between two network devices. A layer 2 network with redundancy but without STP can cause the following issues:

Broadcast storm
Unstable mac-address table in a switch
Duplicate frames arriving at host

STP Operation
Election of Root Bridge
With STP, the key is for all the switches in the network to elect a root bridge that becomes the focal point in the network. All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of this root bridge. Each VLAN must have its …

Basic Datacenter Design with Redundancy

The very basic thing that an organization expects while designing its network is maximum uptime, and this maximum uptime can only be achieved when there is redundancy in the network. So in this article, we'll design a network for a company hosted in a datacenter with redundant devices and links.
NOTE: The configuration of devices in this article does not include configuration for securing the control-plane of core or aggregation routers.

Full Network topology:

Free Networking Labs Online

telnet lab.sharontools.com

Stacked Switches

A stackable switch is a network switch that is fully functional operating standalone but which can also be set up to operate together with one or more other network switches, with this group of switches showing the characteristics of a single switch but having the port capacity of the sum of the combined switches. Following are some of the benefits of stacked switches.

1. Simplified Network Management
Multiple physical switches in a stack appear as a single logical switch. This eases management overhead because there are fewer devices in the network to manage. A single IP address is used to manage the logical switch. All manageable entities (for example, Ethernet interfaces and VLANs) on all physical switches can be configured and managed from the logical switch. The logical switch will appear as a single entity in the network. In a Layer 2 network, the logical switch will appear as a single spanning-tree entity.

Creating MPLS Layer 3 VPN

When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN.
Each VPN is associated with one or more VPN routing and forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco express forwarding (CEF) table, and a set of interfaces that use this forwarding table.
The router maintains a separate routing and CEF table for each VRF. This prevents information being sent outside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP address problems.
In this document, we'll be configuring a basic MPLS Layer 3 VPN for two customers, each having two physical sites at different locations.

Network Topology:


Traffic Flow Decisions in MPLS Network

In this article, we will study how forwarding decisions are made in an MPLS network. You can check out the configuration of the network at Creating Layer 3 MPLS VPN.

Network Topology:


Managing Standby Unit from the Terminal of Primary Firewall when they are in HA

Fortigate


execute ha manage 0, where 0 is the serial no. of the secondary device.

execute ha manage
<id>    please input peer box index.
<0>     Subsidary unit FGT80C3912608121

NINMUM03-DB-PRI-~ # execute ha manage
<id>    please input peer box index.
<0>     Subsidary unit FGT80C3912608121




Cisco