Kevin Witherstine

Author Archives: Kevin Witherstine

ngrok on Cumulus Linux

If you’ve landed on this page, you likely already have a good idea of what ngrok is and what it does. For those who don’t, the Reader’s Digest version is that it’s a simple way to securely tunnel to a device that sits behind a firewall/NAT device. It’s a slick implementation that is easy to install and allows a few different tunneling options. For the purpose of this blog, we’re using ssh and eliminating the need for port forwarding on the firewall.

Here are step-by-step instructions for turning up ngrok ssh services on Cumulus Linux. Note that these instructions work on the default VRF. You’ll need to take additional configuration steps to get this to work on Cumulus Linux with mgmt VRF enabled.

First, install the unzip package from the repo

Then wget the ngrok application, or optionally add the appropriate repo to your /etc/apt/sources.list and use apt to pull the package. You’ll obviously want to find the appropriate package for your switch (x86 or ARM).

If you don’t know the download link, navigate to https://dashboard.ngrok.com/get-started and copy the link address on the web link of the download section (right click the download link to snag the

Installing Cumulus packages on air-gapped equipment

From time to time I run into situations where someone would like to install the Cumulus Linux operating system as well as additional packages that aren’t part of the default binary install package. This short excerpt is meant to assist in helping get those additional packages into an air-gapped environment for the install where you don’t have a repo or mirror available to pull from.

For instance, let’s say we want to install TACACS+ on an air-gapped switch and we don’t have access to a mirrored repo. There is a very tedious method, which I’ll outline first, and then there is the more Linux-admin-like option, which is much more streamlined.

One thing that could be done is to run through the install on a switch with outside connectivity, gather the package and dependency info… manually pull the debs off of the repo onto whatever media you are using to transfer files to the new switch. Then copy all of the packages over and install them. It’s the hard way, but sometimes that’s the road we have to take.

The long way

Pull the package list from a switch connected to the repo:

All of the packages should be in

Cumulus Linux in the enterprise campus.

As most know, Cumulus Linux was originally intended for data center switching and routing, but over the years our customer base has requested that we expand into the enterprise campus feature set too. Slowly, we’ve done just that.

With this expansion, though, there are a few items that IT managers tend to take for granted in an all-Cisco environment that may need some extra attention when using Cumulus Linux as a campus switch. This is especially the case when it comes to IEEE 802.1x, desk phones, etc.

Most of the phones we interoperate with have been of the Cisco variety, and quite often those phones are connected to Cisco switches. There are a few tweaks from the default Cumulus settings that need to be called out in this environment, and we’ll now go over what those are and how you can tweak them.

Cisco IP Phones TLV change

Cisco IP phones may revert to a different VLAN after initial negotiation. One of our enterprise customers found that according to a Cisco tech note on LLDP-MED and CDP, CDP should be disabled on non-Cisco switches connecting to Cisco phones.

To eliminate this behavior, make the following adjustment to the