
Another blogging colleague

March 8th, 2010

There is a new blogger on the internet. The owner of the blog is working as Solution Consultant at 4IP and has a main focus on networking. His blog is called Frameburst and can be found via the URL http://www.frameburst.net.

He is still developing this blog and working on the layout, but here are some interesting excerpts:

I think Aruba’s VBN is a great solution as an addition to their portfolio, there are still some small bumps and glitches concerning the ‘zero-touch’ process but nothing serious. I think VBN is a great solution for companies that want to extend their wireless corporate network to branch offices and home users with the same security benefits. Source

A few weeks ago I’ve passed my JNCIA-EX exam, I’ve used a Juniper EX 4200 Switch acquired as demonstration model from Juniper Networks which was very helpful for the exam preparation and eventually passing the exam. After unpacking the switch and booting up for the first time it was password protected because the switch wasn’t reset to its factory defaults. Source

The RSS feed is already working, so add it to your RSS reader.

eSafe Proxy with NTLM v2.0

March 8th, 2010

Today I am playing with eSafe 8 operating in eSafe Proxy with NTLM authentication mode. Configuring eSafe Proxy with NTLM authentication is very straightforward and not difficult. The authentication settings are configured using the eSafe Appliance Manager web interface, as shown below.

[Figure: eSafe Proxy authentication settings in the eSafe Appliance Manager]

I did some testing with multiple browsers and single sign-on with NTLM authentication is working perfectly. The system administrator was also testing, but he was complaining that he couldn’t authenticate. A pop-up box appears and when you enter the appropriate credentials, they aren’t accepted by eSafe. I found out that the customer is using Windows 7 and I was testing with Windows XP and Windows Server 2003.

Windows Vista, Windows 7 and Windows Server 2008 R2 and higher use NTLM v2.0-only by default. eSafe Proxy uses NTLM v1.0. The default setting within Windows can be changed to operate in a mode which is backwards compatible with eSafe Proxy. Take the following steps to change the NTLM settings:

  1. Open the Group Policy Editor with gpedit.msc;
  2. Go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options;
  3. Go to the setting: Network security: LAN Manager authentication level
  4. Change this setting to: Send LM & NTLM – use NTLMv2 session security if negotiated
  5. Apply the policy with gpupdate /force

[Figure: the "Network security: LAN Manager authentication level" policy setting in the Group Policy Editor]

The picture shows the policy setting within Windows. This should solve the problem with single sign-on on Windows Vista, Windows 7 and Windows Server 2008 R2 and higher.
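As an added example (not from the original post, and not an eSafe or Microsoft script): a PowerShell audit of the registry value behind the policy changed above. The policy "Network security: LAN Manager authentication level" is stored as the DWORD LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa; level 1 is the workaround from the steps above and lets the client send LM and NTLMv1 responses, level 3 is the Windows Vista/7/2008 R2 default, so the audit tells you which hosts still carry the relaxed setting once the proxy no longer needs it. Function names are my own.

```powershell
# Added example, not part of the original post: audit the LAN Manager
# authentication level that the workaround above relaxes.
# The gpedit.msc policy "Network security: LAN Manager authentication level"
# is stored as the DWORD LmCompatibilityLevel under this key.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Registry value -> wording shown in the policy editor.
$Levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmAuthLevel {
    # Effective level; when the value is absent, Vista/7/2008 R2 behave as level 3.
    $item = Get-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 3 }
    return [int]$item.LmCompatibilityLevel
}

function Get-LmAuthStatus {
    # Levels 0-2 still send LM or NTLMv1 responses, i.e. the eSafe workaround is in place.
    $level = Get-LmAuthLevel
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Level       = $level
        Policy      = $Levels[$level]
        SendsNtlmV1 = ($level -le 2)
    }
}

function Set-LmAuthLevel {
    # Direct registry write (run elevated). Level 1 reproduces the post's setting,
    # level 3 restores the default once the proxy supports NTLMv2. A local or domain
    # policy that sets the same option overwrites this value at the next gpupdate.
    param([Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level)
    Set-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -Value $Level -Type DWord
}

Get-LmAuthStatus | Format-List
```

Run Get-LmAuthStatus through Invoke-Command against the workstations that received the workaround to list which of them still report SendsNtlmV1 = True.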

Huh? Interface SSLVPN-VIF0?

March 8th, 2010

While checking interface statistics on a Cisco 3845, I noticed the following layer 3 interfaces.

Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         74.124.155.67   YES NVRAM  up                    up
GigabitEthernet0/1         10.10.10.1      YES NVRAM  up                    up
GigabitEthernet0/0/0       unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Tunnel0                    192.168.255.2   YES NVRAM  up                    up

I can explain all interfaces, except the SSLVPN-VIF0 interface. I tried to look at the internet, but that didn’t result in any useful information. I used Cisco’s Output Interpreter, but that didn’t help either.

INFO: The following interfaces show the interface configuration ‘method’ as ‘unset’. SSLVPN-VIFO This means that no configuration changes were made to the interface since the last reload.

I noticed the same interface on a Cisco 1811 router, but not on the Cisco 871 and Cisco 878 routers. The interface cannot be related to SSL VPN functionalities, because that feature isn’t configured on the routers. At least that was what I thought at first. I checked my home router, because it has SSL VPN configured, and found the SSLVPN-VIF0 interface there as well. As the abbreviation implies, SSLVPN-VIF0 stands for “SSLVPN Virtual Interface 0”.

An IP address is assigned to the interface after establishing an SSLVPN connection. You can retrieve more information about the SSLVPN-VIF interface by using the various show interface SSLVPN-VIF commands. An example is shown below:

router#show interface SSLVPN-VIF 0 switching
SSLVPN-VIF0 ***Internally created by SSLVPN context home***

Protocol  IP
Switching path    Pkts In   Chars In   Pkts Out  Chars Out
Process         26       2657          4        240
Cache misses          0          -          -          -
Fast          0          0          0          0
Auton/SSE          0          0          0          0

NOTE: all counts are cumulative and reset only after a reload.

So don’t panic when you see the SSLVPN-VIF0 interface on your router. You now know where it is coming from.

Playing with text files in Linux

February 26th, 2010

I had a big Microsoft Event Viewer log file and I wanted specific information from the log file. At first I was thinking about using Microsoft Excel to do some filtering, but that didn’t really help. In the end Linux did the trick. I used Cygwin under Windows to extract the specific information. The raw log file had the following format:

2/22/2010:1:14:46 PM:IAS:Information:None:1:N/A:BOOCHES01:User rene was granted access.
2/22/2010:1:09:15 PM:IAS:Information:None:1:N/A:BOOCHES01:User rene was granted access.
2/22/2010:12:19:58 PM:IAS:Information:None:1:N/A:BOOCHES01:User BOOCHES\test was granted access.
2/22/2010:12:03:24 PM:IAS:Information:None:1:N/A:BOOCHES01:User booches was granted access.
2/22/2010:11:58:54 AM:IAS:Information:None:1:N/A:BOOCHES01:User testuser was granted access.
2/22/2010:11:58:13 AM:IAS:Information:None:1:N/A:BOOCHES01:User booches was granted access.
2/22/2010:11:58:07 AM:IAS:Information:None:1:N/A:BOOCHES01:User BOOCHES\test was granted access.
2/22/2010:11:17:13 AM:IAS:Information:None:1:N/A:BOOCHES01:User testuser1 was granted access.

I needed to extract only the unique users. Playing a little with Linux gave me the following output.

User test was granted access.
User booches was granted access.
User rene was granted access.
User testuser was granted access.
User testuser1 was granted access.

It isn’t perfect, but it is good enough for me. The original log file is called log.txt and the output is written to a file called users.txt. I used the following command to accomplish the output above.

cat log.txt | cut -d: -f11 | sed 's/BOOCHES\\//g' | sort | uniq >> users.txt

cat prints the file log.txt to the screen. The -d parameter with cut determines the delimiter and -f selects the column to print. With sed I search for the string “BOOCHES\” and replace the string with nothing (//). Everything is sorted with sort and all duplicate entries are removed with uniq. The output is written to the file users.txt.
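As an added example (not from the original post): the same extraction as the pipeline above, written as shell functions and extended to count how many grants each account received. It strips any DOMAIN\ prefix generically instead of hard-coding BOOCHES\, and runs on a constructed sample in the post's IAS log layout; the function names and the sample file path are my own.

```bash
#!/bin/sh
# Added example, not part of the original post: the post's cut/sed/sort/uniq
# pipeline as a function, plus a per-user grant count over the same log layout.

# Constructed sample in the post's IAS log format (colon-separated fields,
# the message is field 11). Quoted heredoc keeps the backslash literal.
SAMPLE_FILE="${TMPDIR:-/tmp}/ias_sample.txt"
cat > "$SAMPLE_FILE" <<'EOF'
2/22/2010:1:14:46 PM:IAS:Information:None:1:N/A:BOOCHES01:User rene was granted access.
2/22/2010:12:19:58 PM:IAS:Information:None:1:N/A:BOOCHES01:User BOOCHES\test was granted access.
2/22/2010:12:03:24 PM:IAS:Information:None:1:N/A:BOOCHES01:User booches was granted access.
2/22/2010:11:58:07 AM:IAS:Information:None:1:N/A:BOOCHES01:User BOOCHES\test was granted access.
2/22/2010:11:17:13 AM:IAS:Information:None:1:N/A:BOOCHES01:User testuser1 was granted access.
EOF

# message_field FILE: field 11 with any "DOMAIN\" prefix removed from the user name.
message_field() {
    cut -d: -f11 "$1" | sed 's/User [^\\ ]*\\/User /'
}

# unique_users FILE: one "User X was granted access." line per distinct account,
# the same output the post produced.
unique_users() {
    message_field "$1" | sort | uniq
}

# grant_counts FILE: "count user" per account, most frequent first. Only lines
# that really are grant messages are counted, so other event texts are ignored.
grant_counts() {
    message_field "$1" \
      | awk '$1 == "User" && $3 == "was" && $4 == "granted" { print $2 }' \
      | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

unique_users "$SAMPLE_FILE"
grant_counts "$SAMPLE_FILE"
```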

Simple and effective!!!

Cacti and HP Procurve

February 24th, 2010

Finding a template for HP Procurve switches wasn’t that hard. I needed to find a template for HP Procurve 2510G switches. The place to look for templates is forums.cacti.net. I searched the forums on the keyword “procurve”, which resulted in many hits. I used the template from the article HP procurve 2600 series.

After importing all templates you have the ability to monitor the MAC count on the switch and the memory usage. You also have the option to monitor the CPU usage, but you have to do some extra configuration. The zip file only contains a data template for the HP switches, but no graph template. I created my own graph template by duplicating the Cisco CPU graph template and changing the data source to the HP data template.

[Figure: Graph Template Data Source]

I changed the data source for the first 4 Items in the Graph Template to the HP procurve CPU data source. Next I created a device for the HP switches and added the appropriate “Associated Graph Templates” for HP procurve CPU, MAC count and memory usage. Now you only need to create a graph for the template and you are set to go.

[Figure: Cacti - HP Procurve graphs]