When Tech Meets Business

"I have had the pleasure of having Himawan as part of my team for a total of 3 years, first two years in the Carrier Ethernet practice as an NCE, and later on as part of my Advanced Services Africa team where Himawan worked as a Solutions Architect.

Himawan is unique in the way that he not only contributes with extremely good technical knowledge (for which his triple CCIE is a proof), but he also provides the combination of very good consultancy and business skills, which makes him extremely valuable not only in meetings with customer engineers, but also in meetings with customer senior management.

What I value most with Himawan is his never-give-up attitude: it doesn't matter how complicated the problem, how challenging the business environment, or how short the timelines, he always jumps into the challenge and finds a way to resolve the issue.

I can strongly recommend Himawan for any position where the combination of technical and business skills is required, and if I had a position open requiring these skills I would see Himawan as the perfect hire."

- Ulf Vinneras
Director Services Strategy and Business Development at Cisco Systems

Thank you very much, Ulf!

Cisco AnyConnect VPN with LDAP integration


I spent some time recently building AnyConnect VPN on an ASA 5525-X and integrating it with LDAP. It could be fairly quick and simple if you have the necessary information to build out an aaa-server for LDAP and match the attribute maps for the LDAP service.

Integrating VPN with LDAP involves two phases:
1. Build an aaa-server for LDAP (multiple aaa-servers for load-balancing/redundancy) and then associate the LDAP server to the VPN tunnel-group.
2. Build LDAP attribute maps for determining what AD user gets associated to what VPN Group-Policy.

Phase 1 : aaa-server

Before building your aaa-server, you need to grab some information from your AD server. This includes the following:

1. AD server IP address
2. AD server type (microsoft etc)
3. LDAP (389) or Secure LDAPS (636) port

Create aaa-server 'LDAP' that uses protocol ldap.

aaa-server LDAP protocol ldap

Assign an IP address / Server (dns resolved) name to that LDAP server.

aaa-server LDAP (inside) host dc01

Note: Here the ASA realizes the dc01 server has an IP address which is internal to the ASA, hence it puts it in the 'inside' interface.

Since we use LDAPS and require LDAP over SSL, and the AD server is a Microsoft […]

The Last Question

Please find my complete interview with IT Certification Master: Why Network, Skill, Experience Matters Most. Thank you to Mirek Burnejko for the opportunity.

And below is the last question from the interview:

MB: You are also a co-founder of several organizations: GEM Foundation, Jawdat Teknologi Indonesia and CCIE93. Can you describe us these new ventures?

HN: This is my problem: there are 250 million people in Indonesia, and there are only less than 200 CCIEs. I’m planning to solve that problem. And it doesn’t mean I will make everyone from my country as CCIE. Nor I will teach CCIE class. I want to do more. I want to help Indonesian students and young professionals to become globally competitive professionals. So they can compete in global market like me, or stay in Indonesia to work on challenging project currently being done by professionals from outside the country (expats). And the solution must be scalable. That’s why I founded a not-for-profit organization GEM Foundation (GEMFo) early last year with several other Indonesian professionals who work outside the country. I spent my personal time to visit schools and universities to share global view from my own experience working abroad for more than 10 […]

[Quality of Service] Part 3 – Nexus 1000v: The Servers are Doing QoS Now?!?

I’m going to talk a little bit about performing QoS functions from within the Nexus 1000v. Since it’s been a while since I made the last post in this series, a recap is in order. In my first post, I explained what the different types of QoS policies were in the context of Cisco’s MQC. In my second post, I went through the actual configuration on specific platforms like the Cisco Nexus and Unified Compute platforms, as well as a brief mention of vSphere’s participation, but less on the QoS aspects and more on MTU.

Identifying Introverted Tendencies

It’s no secret that our industry is full of those with interesting eccentricities. These characteristics are found in varying degrees with those we come into contact with daily. The extremes of these often manifest themselves as a general perception of those in technology. This even happens as technical characters are portrayed on television. One example of this […]

Author information

Paul Stewart

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With nearly 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems. Paul also writes technical content at PacketU.

The post Identifying Introverted Tendencies appeared first on Packet Pushers Podcast and was written by Paul Stewart.

Open Source Switching

There’s been a ton of attention lately around the concept of using commodity hardware in an area of the industry that is currently dominated by proprietary ASIC-based solutions - networking. When it comes to crossing paths between open source and networking, the obvious low-hanging fruit has been software-based switching solutions like Open vSwitch, or cool ways to make virtual switching do bigger, better stuff for cloud providers like Openstack Quantum (awesome, by the way).

Book Review: A Primer of Multicast Routing

I was recently in need of a refresher on multicast routing, so I picked up Eric Rosenberg’s A Primer of Multicast Routing (Springer Briefs in Computer Science). The overall plan of the book is excellent, starting with a basic overview of what multicast is (and does), including why multicast is more efficient than unicast for […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

The post Book Review: A Primer of Multicast Routing appeared first on Packet Pushers Podcast and was written by Russ White.

What is static floating route

How does the internet work - We know what is networking

A static floating route is a static route like any other, but with an added administrative distance in the configuration:

R1(config)#ip route 172.16.10.0 255.255.255.0 10.10.10.2 200

Defining the packet's route using static floating routes is a very interesting topic, so I decided to give you a short description of static floating routes with an example. Static floating route is the […]

How to Turn Your IOS Router Into a Pr0n Server (Pr0n Not Included)

No, really! Did you know that your IOS-based router is capable of acting as a static webserver? Below you will find the steps necessary to turn a GNS/Dynamips box (or any ‘testlab’ machine) into something that can serve basic HTTP/HTTPS content. Due to the security implications of the steps below, it’s not recommended to do […]

Author information

Ken Matlock

Ken Matlock is a networking veteran of 19 years. He has worked in many fields in the networking industry including Service Provider, Retail, and Healthcare. When he's not fixing the problems of the networking world, he can be found studying for his CCIE, spending time with his family, and trying to chase the ever-elusive sleep.

He can be found on Twitter @KenMatlock, email at [email protected], irc.freenode.net #PacketPushers, or the occasional blog or forum post.

The post How to Turn Your IOS Router Into a Pr0n Server (Pr0n Not Included) appeared first on Packet Pushers Podcast and was written by Ken Matlock.

[Virtual Routing] Part 3 – Router Redundancy in VMware vSphere

My post a few weeks ago about the CSR 1000v made a pretty big splash - it’s clear that the industry is giving a lot of attention to IP routing within a virtual environment. No doubt, Vyatta is largely credited for this, as they’ve been pushing this idea for a long time. When Brocade announced that they were acquiring Vyatta, and Cisco announced they were working on a “Cloud Services Router”, this idea became all the more legitimate, and as you can tell from this series, it’s of particular interest to me.

Show 146 – Arista 7500 – One Switch to Rule Them All – Sponsored

Arista is shipping a serious round of upgrades for the 7500 switch chassis. In this sponsored podcast, Doug Gourlay from Arista returns to the Packet Pushers to give an unvarnished view of the new products and why Arista can deliver 100GbE at a new price point while maintaining technical features and capabilities. Show Topics: 1) It’s […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Show 146 – Arista 7500 – One Switch to Rule Them All – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Convert Hex to Decimal in IOS

Lots of IOS commands produce output in hex that I sometimes want to convert to decimal. Common ones for me are stuff like:

show ip cache flow
show ip flow top-talkers

and various debug commands. For example:

Router#sh ip cache flow | i Fa1/0.6
Fa0/1.6  10.5.188.158   Tu101*  10.5.24.15  06 0DA7 6D61  345

I have no idea what the port numbers in columns six and seven are. Fortunately, if the IOS device has the TCL or Bash shells available, we can quickly convert them.

Method 1: Tcl Shell

Most routers have the Tcl shell available:

Router#tclsh
Router(tcl)#puts [expr 0xda7]
3495

Router(tcl)#puts [expr 0x6d61]
28001


You could write a callable Tcl script to make this permanently available from normal EXEC mode too.

Method 2: Bash Shell

The Bash shell came out in one of the early IOS 15.0 versions, so you may or may not have it available. You need to explicitly enable it by entering "shell processing full" in global configuration mode.

Router#sh run | i shell
shell processing full < required to enable Bash in IOS 15+
Router#printf "%d" 0xda7
3495
Router#printf "%d" 0x6d61
28001
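
The same conversion applied to a whole flow-cache line, as an added example that is not part of the original post: it is meant for a workstation shell working on captured "show ip cache flow" output, not for the IOS shell. The function names and the eight-column layout (SrcIf, SrcIP, DstIf, DstIP, Pr, SrcP, DstP, Pkts) are assumptions taken from the sample line above.

```shell
#!/bin/sh
# Added example: decode the hex Pr/SrcP/DstP columns of "show ip cache flow".

# hex2dec HEX -> prints the decimal value; rejects anything but hex digits,
# so header text or stray input never reaches printf.
hex2dec() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    printf '%d' "0x$1"
}

# decode_flow_line LINE -> "src:sport -> dst:dport proto=N pkts=N"
# Assumed column order: SrcIf SrcIP DstIf DstIP Pr SrcP DstP Pkts
decode_flow_line() {
    # Split the line into fields. Globbing is switched off first because
    # interface names such as "Tu101*" contain a literal asterisk.
    set -f
    set -- $1
    set +f
    [ "$#" -eq 8 ] || return 1
    proto=$(hex2dec "$5") || return 1
    sport=$(hex2dec "$6") || return 1
    dport=$(hex2dec "$7") || return 1
    printf '%s:%s -> %s:%s proto=%s pkts=%s\n' \
        "$2" "$sport" "$4" "$dport" "$proto" "$8"
}

# decode_flows: read captured output on stdin; column headers and summary
# lines fail the field checks and are skipped silently.
decode_flows() {
    while IFS= read -r line; do
        decode_flow_line "$line" || :
    done
}

# The flow line shown earlier on this page.
sample='Fa0/1.6  10.5.188.158   Tu101*  10.5.24.15  06 0DA7 6D61  345'
decode_flow_line "$sample"
```

To decode a saved capture, pipe the file through decode_flows; protocol 6 in the result is TCP.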