Bulk Device Configuration with Ansible

Like most computer systems, network devices like routers and switches can also be managed through Ansible. Ansible has a modular design that enables it to deal with a large variety of devices. It already ships with a number of modules, and in cases where no specific module is available users can still leverage general usage modules like RAW, SHELL or COMMAND.

Every action executed by Ansible modules must be previously defined in “playbooks”. Actions defined in a playbook will be executed through SSH, dispensing any additional piece of software on client side such as a software agent.

The use of SSH makes Ansible compatible with a larger range of devices and its adoption way simpler.

Continue reading “Bulk Device Configuration with Ansible”

Netflow with Juniper

Juniper routers can generate and send flow records to a management server. This feature allows the administrator to monitor all the traffic that flows through the router, giving him a better picture of the users’ behavior and also enabling every connection originated or destined to that particular autonomous system to be recorded for compliance requirements.

Continue reading “Netflow with Juniper”

RADIUS Authentication on Juniper

This article shows how to configure a Juniper router to authenticate users on a RADIUS server.

1. Configure the router with the RADIUS server information:

[edit system]
set system radius-server port 1812
set system radius-server secret yourpassword
set system radius-server timeout 5
set system radius-server retry 3
set system radius-server source-address

In this case, the RADIUS server is with the IP address of, UDP port 1812.

Continue reading “RADIUS Authentication on Juniper”

Adding a Netflow Listener to Cacti

This article explains how to add new Netflow listeners to Cacti. By default, Cacti is not able to show Netflow reports. So, to follow the steps in this article, the Flowview plugin have to be installed on Cacti.

1. Configure Cacti server to receive and store the netflow files adding the lines shown below, one line for each router:

vi /etc/flow-tools/flow-capture.conf

-V 5 -w /var/flow/ABC-Router -n 275 -N 3 -E500M 0/0/3001
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/GHI-Router -n 275 -N 3 -E500M 0/0/3003
-V 5 -w /var/flow/JKL-Router -n 275 -N 3 -E500M 0/0/3004
-V 5 -w /var/flow/MNO-Router -n 275 -N 3 -E500M 0/0/3005
-V 5 -w /var/flow/PQR-Router -n 275 -N 3 -E500M 0/0/3006
-V 5 -w /var/flow/STU-Router -n 275 -N 3 -E500M 0/0/3007
-V 5 -w /var/flow/VWX-Router -n 275 -N 3 -E500M 0/0/3008
-V 5 -w /var/flow/XYZ-Router -n 275 -N 3 -E500M 0/0/3009

Continue reading “Adding a Netflow Listener to Cacti”

Traffic Classification and Marking on HP Switches

1. The QoS service offered by the ISP allows for control of how traffic is prioritised and bandwidth is reserved, with three queues available (multimedia – VoIP, critical data and normal data). Packets must be remarked with the following values to be classified on a each queue:

Continue reading “Traffic Classification and Marking on HP Switches”

Limiting Application Bandwidth on HP Switches

In this article we will configure the HP7510 switch to limit the bandwidth for two specific applications. The switch is placed in the company central building and is connected to the WAN router that provides access to offices in different remote locations. Continue reading “Limiting Application Bandwidth on HP Switches”

Traffic Classification and Marking on Cisco IOS

In this article I will show how to mark IP packets to prioritize multimedia and critical applications following a QoS policy that will be later enforced inside the ISP cloud.

1. The QoS service offered by the ISP allows for control of how traffic is prioritized and bandwidth is reserved, with three queues available as shown in the figure below.

Continue reading “Traffic Classification and Marking on Cisco IOS”