Like most computer systems, network devices like routers and switches can also be managed through Ansible. Ansible has a modular design that enables it to deal with a large variety of devices. It already ships with a number of modules, and in cases where no specific module is available users can still leverage general usage modules like RAW, SHELL or COMMAND.
Every action executed by Ansible modules must be previously defined in “playbooks”. Actions defined in a playbook will be executed through SSH, dispensing any additional piece of software on client side such as a software agent.
The use of SSH makes Ansible compatible with a larger range of devices and its adoption way simpler.
Continue reading “Bulk Device Configuration with Ansible”
Juniper routers can generate and send flow records to a management server. This feature allows the administrator to monitor all the traffic that flows through the router, giving him a better picture of the users’ behavior and also enabling every connection originated or destined to that particular autonomous system to be recorded for compliance requirements.
Continue reading “Netflow with Juniper”
This article shows how to configure a Juniper router to authenticate users on a RADIUS server.
1. Configure the router with the RADIUS server information:
set system radius-server 10.0.12.1 port 1812
set system radius-server 10.0.12.1 secret yourpassword
set system radius-server 10.0.12.1 timeout 5
set system radius-server 10.0.12.1 retry 3
set system radius-server 10.0.12.1 source-address 192.168.120.4
In this case, the RADIUS server is with the IP address of 10.0.12.1, UDP port 1812.
Continue reading “RADIUS Authentication on Juniper”
This article explains how to add new Netflow listeners to Cacti. By default, Cacti is not able to show Netflow reports. So, to follow the steps in this article, the Flowview plugin have to be installed on Cacti.
1. Configure Cacti server to receive and store the netflow files adding the lines shown below, one line for each router:
-V 5 -w /var/flow/ABC-Router -n 275 -N 3 -E500M 0/0/3001
-V 5 -w /var/flow/DEF-Router -n 275 -N 3 -E500M 0/0/3002
-V 5 -w /var/flow/GHI-Router -n 275 -N 3 -E500M 0/0/3003
-V 5 -w /var/flow/JKL-Router -n 275 -N 3 -E500M 0/0/3004
-V 5 -w /var/flow/MNO-Router -n 275 -N 3 -E500M 0/0/3005
-V 5 -w /var/flow/PQR-Router -n 275 -N 3 -E500M 0/0/3006
-V 5 -w /var/flow/STU-Router -n 275 -N 3 -E500M 0/0/3007
-V 5 -w /var/flow/VWX-Router -n 275 -N 3 -E500M 0/0/3008
-V 5 -w /var/flow/XYZ-Router -n 275 -N 3 -E500M 0/0/3009
Continue reading “Adding a Netflow Listener to Cacti”
1. The QoS service offered by the ISP allows for control of how traffic is prioritised and bandwidth is reserved, with three queues available (multimedia – VoIP, critical data and normal data). Packets must be remarked with the following values to be classified on a each queue:
Continue reading “Traffic Classification and Marking on HP Switches”
In this article we will configure the HP7510 switch to limit the bandwidth for two specific applications. The switch is placed in the company central building and is connected to the WAN router that provides access to offices in different remote locations. Continue reading “Limiting Application Bandwidth on HP Switches”
In this article I will show how to mark IP packets to prioritize multimedia and critical applications following a QoS policy that will be later enforced inside the ISP cloud.
1. The QoS service offered by the ISP allows for control of how traffic is prioritized and bandwidth is reserved, with three queues available as shown in the figure below.
Continue reading “Traffic Classification and Marking on Cisco IOS”
In this article we will configure a Cisco IOS Router to limit the bandwidth usage of an user that is watching video of a security camera. To that goal, we will use a traffic policer, but will also show how to reach the same objective using traffic shapping.
Continue reading “Limiting Bandwidth with Cisco IOS”
A few show commands to verify the performance of routers with JUNOS: Continue reading “Verifying Performance on Juniper”
- This command will start capturing packets on the given interface and save the capture in the file capture.pcap.
monitor traffic interface ge-1/0/1.0 extensive matching "dst host 22.214.171.124" no-resolve print-ascii write-file capture.pcap
Continue reading “Capturing Packets at a Juniper Router”