Decrypt IPsec packets - Linux to Cisco VPN

In this blogtorial I will demonstrate how to decrypt IPsec packets on a VPN between a Linux machine and a Cisco router. We will be using the setup from my previous blogtorial 'Configuring IPSEC VPN between Linux and Cisco'.
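To decrypt ESP in Wireshark you need the SPI, the algorithms and the keys of each SA, and on the Linux peer the kernel hands all of that out via ip xfrm state. The script below is an added example written for this page, not code from the original post: it parses a constructed ip xfrm state dump and prints rows for Wireshark's ESP SA table. The sample addresses and keys are made up, and the mapping from kernel algorithm names to Wireshark's algorithm labels is an assumption to verify against the Wireshark version you run.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ip xfrm state` output from the Linux peer: two ESP
# SAs, one per direction. All keys here are dummy values.
SAMPLE_XFRM_STATE = """
src 192.168.1.10 dst 192.168.1.1
    proto esp spi 0x0e2a1b3c reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x0123456789abcdef0123456789abcdef01234567 96
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 192.168.1.1 dst 192.168.1.10
    proto esp spi 0x5d4c3b2a reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0xfedcba9876543210fedcba9876543210fedcba98 96
    enc cbc(aes) 0xffeeddccbbaa99887766554433221100
"""

# Kernel algorithm name -> label in Wireshark's ESP SA table. ASSUMPTION:
# the labels match the Wireshark build in use; check the ESP preferences
# dialog if a pasted row is rejected. AEAD ciphers (aead lines) are not handled.
ENC_ALGS = {
    "cbc(aes)": "AES-CBC [RFC3602]",
    "cbc(des3_ede)": "TripleDES-CBC [RFC2451]",
}
AUTH_ALGS = {  # (kernel name, ICV truncation in bits) -> label
    ("hmac(sha1)", 96): "HMAC-SHA-1-96 [RFC2404]",
    ("hmac(md5)", 96): "HMAC-MD5-96 [RFC2403]",
    ("hmac(sha256)", 128): "HMAC-SHA-256-128 [RFC4868]",
}

_HEADER = re.compile(r"^src (\S+) dst (\S+)")
_PROTO = re.compile(r"\bproto (\w+) spi (0x[0-9a-fA-F]+)")
_AUTH = re.compile(r"\bauth(?:-trunc)? (\S+) (0x[0-9a-fA-F]+)(?: (\d+))?")
_ENC = re.compile(r"\benc (\S+) (0x[0-9a-fA-F]+)")


@dataclass
class EspSa:
    src: str
    dst: str
    spi: str
    enc_alg: str
    enc_key: str
    auth_alg: Optional[str]
    auth_key: Optional[str]
    auth_trunc: Optional[int]


def parse_xfrm_state(text: str) -> List[EspSa]:
    """Split `ip xfrm state` output into per-SA blocks (each starts with a
    'src ... dst ...' line) and pull out what Wireshark needs. AH SAs and
    blocks without an enc line are skipped."""
    blocks: List[List[str]] = []
    for line in text.splitlines():
        if _HEADER.match(line.strip()):
            blocks.append([line.strip()])
        elif blocks:
            blocks[-1].append(line)
    sas: List[EspSa] = []
    for block in blocks:
        body = "\n".join(block)
        src, dst = _HEADER.match(block[0]).groups()
        proto, enc, auth = _PROTO.search(body), _ENC.search(body), _AUTH.search(body)
        if proto is None or proto.group(1) != "esp" or enc is None:
            continue
        trunc = None
        if auth:
            # A plain 'auth' line (no -trunc) means the kernel default of 96 bits.
            trunc = int(auth.group(3)) if auth.group(3) else 96
        sas.append(EspSa(src, dst, proto.group(2).lower(), enc.group(1), enc.group(2),
                         auth.group(1) if auth else None,
                         auth.group(2) if auth else None, trunc))
    return sas


def to_wireshark_esp_sa(sas: List[EspSa]) -> List[str]:
    """Render each SA as one esp_sa UAT line: the same eight fields, in the
    same order, as the ESP SAs dialog. Unknown algorithms raise instead of
    silently producing a row that will never decrypt."""
    rows = []
    for sa in sas:
        family = "IPv6" if ":" in sa.src else "IPv4"
        if sa.enc_alg not in ENC_ALGS:
            raise ValueError(f"no Wireshark label for cipher {sa.enc_alg} (spi {sa.spi})")
        if sa.auth_alg is None:
            auth_name, auth_key = "NULL", ""
        elif (sa.auth_alg, sa.auth_trunc) in AUTH_ALGS:
            auth_name, auth_key = AUTH_ALGS[(sa.auth_alg, sa.auth_trunc)], sa.auth_key
        else:
            raise ValueError(f"no Wireshark label for {sa.auth_alg}/{sa.auth_trunc} (spi {sa.spi})")
        fields = [family, sa.src, sa.dst, sa.spi, ENC_ALGS[sa.enc_alg], sa.enc_key, auth_name, auth_key]
        rows.append(",".join(f'"{f}"' for f in fields))
    return rows


if __name__ == "__main__":
    for row in to_wireshark_esp_sa(parse_xfrm_state(SAMPLE_XFRM_STATE)):
        print(row)
```

Run sudo ip xfrm state on the Linux end while the capture is running (keys change at every rekey, so the dump and the pcap must come from the same SA lifetime), feed the output to parse_xfrm_state, and paste the rows into Edit > Preferences > Protocols > ESP > ESP SAs with "Attempt to detect/decode encrypted ESP payloads" ticked, or pass -o esp.enable_encryption_decode:TRUE to tshark. Treat the dump as key material: anyone holding it can decrypt that SA's traffic.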

Let's begin.

Configuring ACLs - ACL Resequence

In this blogtorial we will see how ACL entries are sequenced and how to resequence them when we need to. Named ACLs on Cisco IOS start at sequence number 10 and give each new entry the next multiple of 10 unless a sequence number is specified explicitly; those gaps are what let you insert an entry between two existing ones without rewriting the whole list.

Let's take a look.

Propagating Default Routes - OSPF

How do you get a default route into an OSPF routing domain? There is really only one way to do it: the default-information originate command under the OSPF process. Note that without the always keyword the router only advertises the default route if it has one in its own routing table.

Consider this simple topology below and follow the screenshots.

Troubleshooting - Loop-back detected - %PM-4-ERR_DISABLE

Recently, I was tasked with troubleshooting a weird problem where one of the interfaces was err-disabled. Fun Monday mornings :) Sifting through the logs, I came upon these error messages.

%PM-4-ERR_DISABLE: loopback error detected on Fa1/0/20, putting Fa1/0/20 in err-disable state
%ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet1/0/20.

Turns out this was because an interface somewhere in our network was configured incorrectly, which created a loop in our network. The STP topology corrected/recovered itself within a few seconds and Fa1/0/20 should have recovered from err-disable as well; however, "errdisable recovery cause loopback" was not configured.

This message means that the interface's keepalive frames, which are enabled by default, are coming back in on the same interface that sent them.

For example, if a keepalive is sent out Fa1/0/20, loops around the network and shows up again at Fa1/0/20, there must be a loop in the network, and the interface that sent the keepalive is put into err-disable.

Keepalives are sent every 10 seconds by default on all interfaces. Options for dealing with this:
  • Fix the underlying misconfigured interface downstream and/or upstream. This is the real fix; the loop is still there whether or not the port is err-disabled.
  • Enable errdisable recovery cause loopback so the port comes back by itself once the loop is gone.
  • Disable keepalives on the interface (no keepalive). This removes the symptom but also the loop detection.
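When this hits more than one port it helps to correlate the syslog with what the switch will recover on its own. The Python below is an added example for this page, not something from the original post: it runs over a constructed syslog excerpt (the two messages quoted above plus made-up bpduguard lines on another port) and a constructed show errdisable recovery listing, matches the long ETHCNTR interface name to the short PM one, and reports per port whether auto-recovery would have brought it back.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed syslog excerpt: the two loopback messages from the incident
# above, plus made-up bpduguard lines on another port for contrast.
SAMPLE_SYSLOG = """\
Mar  3 08:12:41.101: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet1/0/20.
Mar  3 08:12:41.105: %PM-4-ERR_DISABLE: loopback error detected on Fa1/0/20, putting Fa1/0/20 in err-disable state
Mar  3 08:14:02.330: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state
Mar  3 08:19:02.411: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/0/5
"""

# Constructed 'show errdisable recovery' output, trimmed to a few causes.
SAMPLE_RECOVERY = """\
ErrDisable Reason            Timer Status
-----------------            --------------
bpduguard                    Enabled
link-flap                    Disabled
loopback                     Disabled
udld                         Disabled

Timer interval: 300 seconds
"""

_LOOPBACK = re.compile(r"%ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on (\S+?)\.?$")
_ERR_DISABLE = re.compile(r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+), putting")
_ERR_RECOVER = re.compile(r"%PM-4-ERR_RECOVER: Attempting to recover from (\S+) err-disable state on (\S+)")
_RECOVERY_ROW = re.compile(r"^(\S+)\s+(Enabled|Disabled)$")
_TIMER = re.compile(r"Timer interval:\s+(\d+)")

# ETHCNTR logs the long interface name, PM the short one; normalise to short.
_LONG_TO_SHORT = {"FastEthernet": "Fa", "GigabitEthernet": "Gi", "TenGigabitEthernet": "Te"}


def short_iface(name: str) -> str:
    for long, short in _LONG_TO_SHORT.items():
        if name.startswith(long):
            return short + name[len(long):]
    return name


@dataclass
class Finding:
    interface: str
    cause: str
    loopback_seen: bool   # ETHCNTR-3-LOOP_BACK_DETECTED fired for this port
    auto_recovery: bool   # 'errdisable recovery cause <cause>' is enabled
    recovered: bool       # a PM-4-ERR_RECOVER line followed the err-disable
    action: str


def parse_recovery(text: str) -> Tuple[Dict[str, bool], Optional[int]]:
    """Return {cause: enabled} and the recovery timer from 'show errdisable recovery'."""
    causes: Dict[str, bool] = {}
    timer: Optional[int] = None
    for line in text.splitlines():
        if m := _RECOVERY_ROW.match(line.strip()):
            causes[m.group(1)] = m.group(2) == "Enabled"
        elif m := _TIMER.search(line):
            timer = int(m.group(1))
    return causes, timer


def _action(cause: str, auto: bool) -> str:
    fix = ("find and fix the misconfigured port that loops keepalives back"
           if cause == "loopback" else f"investigate the {cause} trigger")
    if auto:
        return fix + "; the port re-enables on the recovery timer once the cause is gone"
    return fix + f", then shut/no shut the port (or enable 'errdisable recovery cause {cause}')"


def triage(syslog: str, recovery: str) -> List[Finding]:
    """Correlate err-disable events with loop-back detections, later recoveries
    and the switch's recovery configuration: one Finding per affected port."""
    causes, _timer = parse_recovery(recovery)
    loopback_ports, recovered, disabled = set(), set(), {}
    for line in syslog.splitlines():
        if m := _LOOPBACK.search(line):
            loopback_ports.add(short_iface(m.group(1)))
        elif m := _ERR_DISABLE.search(line):
            disabled[m.group(2)] = m.group(1)
        elif m := _ERR_RECOVER.search(line):
            recovered.add(m.group(2))
    return [
        Finding(iface, cause, iface in loopback_ports, causes.get(cause, False),
                iface in recovered, _action(cause, causes.get(cause, False)))
        for iface, cause in disabled.items()
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_SYSLOG, SAMPLE_RECOVERY):
        print(f"{f.interface}: {f.cause} (loopback seen={f.loopback_seen}, "
              f"auto-recovery={f.auto_recovery}, recovered={f.recovered}) -> {f.action}")
```

On the sample the Fa1/0/20 finding comes back with auto_recovery False and recovered False, which is exactly the situation described above: STP healed the loop but nothing re-enabled the port, while the bpduguard port, whose cause has recovery enabled, came back on the timer. The regexes are written against the messages quoted on this page and the usual show errdisable recovery layout; check them against your own platform's logs before relying on them.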
