Configure Cisco 871 router to work with SDM

Posted on March 11, 2012 by admin

After Cisco SDM is installed on local computer, before to start using it to configure a LAN cisco 870 series router, it is necessary to configure the router itself to accept connections with SDM. The following instructions will allow a Cisco 871 router to accept incoming connections from a Java applet launched by SDM:

conf t
username SomeUserName privilege 15 password SomePassword
ip http server
ip http authentication local

After this, the SDM Java applet window will be able to log into the router and perform administration.

63 views
Posted in Hardware, IT stuff | Tagged | Leave a comment

How to integrate WP-PostViews WordPress plugin with TwentyTen theme

Posted on March 3, 2012 by admin

The WordPress WP-PostViews plugin enable to display the number of views for each posts. Unfortunately the plugin documentation don’t specify how to use it with TwentyTen theme, or other themes that don’t use the file index.php but a different one. As the plugin’s creator stated, the plugin is not supported and developed anymore.

To use WP-PostViews in TwentyTen theme to display the numbers of views in any post of your blog put the following line of code

<?php if(function_exists('the_views')) { the_views(); } ?>

in the file loop.php that resides in the root directory of your theme; mine is in /wp-content/themes/twentyten directory. Put the above piece of code in the desired section of the file (somewhere within 

<?php while ( have_posts() ) : the_post(); ?>

loop part), depending where you want the counter to show up.

The above solution will work only with posts and not with pages.

references:
http://drjohnstechtalk.com/blog/2011/06/wordpress-templates-are-a-nightmare/

54 views
Posted in En, IT stuff, Software | Tagged | Leave a comment

Cisco IOS upgrade on Cisco 881 and 871 routers

Posted on February 27, 2012 by admin

To install a new IOS image to the Cisco 881 or 871 routers is quite straight forward: the desired IOS image should arrive to the router’s flash memory. There are many ways to accomplish this task and I used the usb or tftp way. The usb way is usable on Cisco 881 router only.

Before proceeding be sure that the requirements of the IOS image are met by the router hardware mainly in terms of RAM and flash memory size. For example the IOS version 15 image for Cisco 871 router, namely c870-advipservicesk9-mz.151-4.M1.bin need 192mb of RAM and a flash of 32Mb. As my 871 is 24Mb of flash memory, I have to stick with the latest version 12.4 of the IOS, namely c870-advipservicesk9-mz.124-24.T6.bin. The images can be found on Cisco site or on various places over internet.

Upgrade procedure using tftp

This procedure assume having a functional tftp server that contain the desired IOS image. To set up a tftp server on Ubuntu 10.04 see this article.. Log into the Cisco router by console or telnet.

Check the flash available free space with:

c871#dir
Directory of flash:/

    2  -rwx    21898144   Jan 2 2000 09:01:07 +02:00  c870-advipservicesk9-mz.
124-11.T.bin
    3  -rwx         780   Jan 2 2000 10:02:54 +02:00  vlan.dat

23482368 bytes total (1576960 bytes free)

be sure that tftp connection is working (with ping etc), erase the current IOS image sitting on flash memory to make room for the new one (or rename it to something different if there is plenty of space) with:

c871#delete flash:c870-advipservicesk9-mz.124-11.T.bin

then transfer the new image to the flash memory by tftp with:

c871#copy tftp://192.168.2.101/cisco/c870-advipservicesk9-mz.124-24.T6.bin flash:
Destination filename [c870-advipservicesk9-mz.124-24.T6.bin]?
Accessing tftp://192.168.2.101/cisco/c870-advipservicesk9-mz.124-24.T6.bin...
Loading cisco/c870-advipservicesk9-mz.124-24.T6.bin from 192.168.2.101 (via Fa
Ethernet4): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!
[OK - 21898144 bytes]
21898144 bytes copied in 254.276 secs (86120 bytes/sec)

and reload the router.

For Cisco 881 router it is possible to accommodate the latest IOS version 15.2 due to better hardware capabilities of the router, 256Mb RAM (easily expandable to 768MB with a SODIM module) and 128Mb flash. The issue with the default c880data-universalk9 image is the lack of the advanced IP services (no EIGRP, etc) which require a separate license. If you can find a certain image (c880data-universalk9-mz.151-4.M.bin, see references) you can easily activate the demo license for a nearly unlimited time with:

c881(config)#license boot module c880-data level advipservices

reload the router and

sh lic

gives 

Index 1 Feature: advipservices
        Period left: 624 weeks 6  days
        Period Used: 2  minutes 26 seconds
        License Type: Evaluation
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Low
Index 2 Feature: advsecurity
        Period left: Life time
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
Index 3 Feature: ios-ips-update
        Period Used: 0  minute  0  second
        License Type: Evaluation
        Start Date:         N/A, End Date: Jan 01 2026
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 4 Feature: WAAS_Express
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: Evaluation
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 5 Feature: SSL_VPN
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: Evaluation
        License State: Not in Use, EULA not accepted
        License Count: 100/0/0  (Active/In-use/Violation)
        License Priority: None

Upgrade procedure using USB flash memory stick

This procedure applies only to routers having a USB port. The Cisco 881 have an USB 1.1 port which is slower than USB 2.0 Simply copy the desired image to the usb memory stick that is FAT32 formatted then copy that image to the router’s flash memory with:

c881#copy usbflash0:/c880data-universalk9-mz.151-4.M.bin flash:

reload the router and enjoy the new cisco IOS 881 image with nearly unlimited advipservices (see 3th reference).

references:
http://www.techrepublic.com/blog/networking/using-a-usb-flash-drive-with-your-cisco-router/316
http://www.routergeek.net/general/how-to-upgrade-ios-on-a-cisco-router/
http://www.anticisco.ru/forum/viewtopic.php?f=2&t=2299

372 views
Posted in Hardware, IT stuff | Tagged , , , | Leave a comment

how to autmatically select fastest mirror in Ubuntu server, the CLI way

Posted on January 18, 2012 by admin

In Ubuntu server 10.04 the package manager apt-get supports the mirror method that will automatically select a good local (and faster) mirror based on your location. To make use of it, just add the following lines on top of the file /etc/apt/sources.list:

deb mirror://mirrors.ubuntu.com/mirrors.txt lucid main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt lucid-updates main restricted universe multiverse

then issue sudo apt-get update
and enjoy the fastest speed.

This was the command line way. There is also a GUI way, that can be found within the below references.

References:
http://askubuntu.com/questions/37753/how-can-i-get-apt-to-use-a-mirror-close-to-me
http://mvogt.wordpress.com/2011/03/21/the-apt-mirror-method/

135 views
Posted in En, IT stuff, Linux | Tagged , | Leave a comment

Routers throughput test

Posted on December 14, 2011 by admin

Having bought a Cisco 871 and 881 routers for CCNA class practice I was wondering whether I can actually use one of them to replace my current router connected to my ISP. Although my current “router in chief” Asus RX3041 does serve me well, it doesn’t have a telnet/ssh option for remote access.

As my ISP does provide a bandwidth of 100Mbps (uplink/downlink) the question is that if the purposed device can handle such load. From here the whole idea of testing the throughput of all my home routers arose.

The Results

The following graph show the throughput test measured for WAN to LAN ports, the router speed test. Some tests were done with firewall, NAT, port forwarding and other services on and off, where appropriate. The Cisco routers were tested only with NAT activated.

Device Bandwidth, Mbits/sec Transfered M.Bytes Note
SMC7004ABR w Fw 17 21 firewall on
SMC7004ABR 25 30  
Cisco 871 35 42  
Asus RX3041 95 113 firewall on
Cisco 881 95 114  
Asus RT N-16 w Fw 130 149 firewall on
Asus RT N-16 133 158  

Although the WAN to LAN speed test was the primary goal of the measurements, I’ve checked also the LAN to LAN speed test of the devices, a.k.a. the switch speed test, as shown in the next table:

Device Bandwidth, Mbits/sec Transfered M.Bytes
Mikrotik 250GS 216 258
Asus RT-N16 216 258
Cisco 871 95 114
Asus RX3041 95 113
Cisco 881 95 113
SMC7004ABR 95 113

The Test Bed

"router test bed"

Laptop HP HP 5735 server

The tested device (router or switch) was used in a set up as in the above image, so that the WAN port of the device was connected to the laptop HP nx6325 and the LAN port to the HP t5735 thin client as a server, both computers running iperf as a measurement tool for the actual throughput test, under Linux platform (Ubuntu 10.10 and 10.04 respectively).

Both computers have a Gigabit network interface card with auto sensing, and in a “back to back speed test” it obtained a 216 Mbits/sec throughput, which it seems to be the upper limit with this given configuration.

The cable used were cat 5 S-FTP cables, 2-3 meters length. ethtool and mii-tool were used to check that interfaces are in 1000Mb/s mode.

On the server the following command was issued to start iperf in listening (server) mode:

linux-user@t5735:~$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------

On the laptop, the corresponding command is: 

iperf -c the IP address of the server

to instruct iperf to do the actual throughput test.

CONCLUSIONS

Although all devices are labeled 100Mbits/s (Fast Ethernet) or even Gigabit Ethernet on all ports, this is not always what it can handle.

THE BAD

The Asus RT-N16 router is labelled as Gigabit router but it’s WAN port speed is far from Gigabit capability but still over Fast Ethernet speed (this is good because many Fast Ethernet labelled routers does not reach 100 Mbits/sec)

The Cisco 871 and SMC Barricade 7004 are the most disappointing routers as are unable to route WAN to LAN at Fast Ethernet speed. I was expecting better performance from Cisco 871 device but no, it does not do it’s job, if you want more power, use Cisco 881 which it is “a totally different animal”.

THE GOOD

The Asus RX3041 and Cisco 881 router are “fair” routers, means that it does what it claims, to route packets at 100Mbits/sec speed. For a home router, Asus RX3041 is the best choice, being fast, small and easy to operate. If you have the required skills, Cisco 881 would be better, being flexible, fast and with much more abilities, but with bigger form factory.

I have let the ASUS RT-N16 as the last thing to mention, because, in fact, this is my favourite device. It does routing at higher speeds than Fast Ethernet (133 Mbits/sec with dd-wrt firmware), it is small, energy saver, easy to configure and, with this dd-wrt firmware, a very very powerful home router too (as it does NAS, print server, ssh, wireless, web server, etc, just to mention few of them).

48 views
Posted in ASUS RT-N16, En, Hardware, IT stuff, Linux | Tagged , , , , , , , | Leave a comment

Ubuntu 10.04 tftp server how-to (tftpd-hpa)

Posted on November 6, 2011 by admin

As I need a TFTP server for using with a Cisco router (saving / retrieving configuration files, install Cisco SDM, etc.), but the configuration of the tftpd-hpa server in Ubuntu 10.04 it is quite unintuitive.

The installation is simple, just issue 

sudo apt-get install tftpd-hpa

The TFTP server configuration file is /etc/default/tftpd-hpa and by default it instructs the TFTP daemon to use the /var/lib/tftpboot directory to store its files and is running under “tftp” username.

This default configuration will not work (you can’t upload files) and need adapted. First change the directory to store files to one that you can have under control, as /var/lib/tftpboot is under root user control, and set the permissions accordingly, like:

mkdir tftp-directory
chmod 777 tftp-directory

The tftp-directory must have global write permissions in order to upload in there. Additionally, any file put in there by other means than TFTP must be world writable, otherwise it can’t be overwritten. This can be done with acl[3] (access control list) or adjusting each of it with chmod go+w.

Keep in mind that by default the TFTP server will not allow to upload a new file, the file must exist already on the server and then it can be overwritten. The man page clearly stated that "By default, tftpd will only allow upload of files that already exist.". If you will try to upload a new file (assuming right permissions are set), it will respond with an error message of “Error code 1: File not found”, but if you will try to upload an non-existent file it will give a different error message as “No such file or directory”.

The solution for the above behaviour is to ensure the existence of the file name on the server before to upload it or to add the parameter “-c” or “–create” to the config file as: 

TFTP_OPTIONS="--secure --create"

Cautions must be taken if creating files is enabled as now everyone is able to write to your tftp server without restrictions. As tftp does not require authentication I recommend to use it only inside a secure LAN, behind a firewall that block UDP port 69.

To back-up the configuration file of the Cisco router to the tftp server, log on to the router and issue:

871#copy running-config tftp://192.168.2.101

replacing 192.168.2.101 with the IP address of your tftp server. The result of the operation should be similar to:

Address or name of remote host [192.168.2.101 ]?
Destination filename [871-confg]?
!!
798 bytes copied in 0.800 secs (998 bytes/sec)
871#

References:
https://bugs.launchpad.net/ubuntu/+source/tftp-hpa/+bug/664424
http://www.linuxquestions.org/questions/ubuntu-63/tftpd-hpa-on-ubuntu-6-10-error-code-1-file-not-found-578997/
[3]applying-default-permissions-for-newly-created-files-within-a-specific-folder

827 views
Posted in En, IT stuff, Linux, Software | Tagged , | 1 Comment

Ubuntu 10.04, set bios clock to local time and prevent Ubuntu to change it to UTC

Posted on September 23, 2011 by admin

After installing Ubuntu 10.04 as sole operating system on the computer I found that BIOS time it is different from system time (that shown as time clock when running Ubuntu) but the date it is correct. This is due the fact that Ubuntu set hardware clock (BIOS time) as UTC time and then translate it as local time to display it on screen.

That create a confusion, because I’ve set up the computer to wake-up from BIOS RTC alarm at a specific time, on daily basis. Then surprise, instead to have the computer on at 9:00 local time, it was off. For a while I’ve presumed that the BIOS function wake-up from RTC alarm it was broken, but the culprit it is that Ubuntu use hardware clock as UTC ant not as local time.

To set Ubuntu to use BIOS time (hardware clock) as local time do:

edit the file /etc/default/rcS and change the parameter UTC from UTC=yes to UTC=no

set the hardware clock (BIOS time) to local clock:

sudo hwclock --systohc --localtime

Check that BIOS time it is same as system time with (from terminal):

sudo hwclock -r
date

both results should be the same.

References:
http://www.digitalinternals.com/138/20091122/how-to-prevent-ubuntu-from-setting-bios-clock-to-utc/
https://help.ubuntu.com/community/UbuntuTime

171 views
Posted in En, IT stuff, Linux | Tagged | 1 Comment

Install Firefox 6 in Ubuntu 10.xx and make the Firefox menu button orange

Posted on September 17, 2011 by admin

Ubuntu 10.04 or 10.10 is having in it’s repos only Firefox 3.6.x, which I consider obsolete. To install Firefox 6 from repos just add the Mozilla ppa repo as (using terminal):

 sudo add-apt-repository ppa:mozillateam/firefox-stable
 sudo apt-get update
 sudo apt-get upgrade

Alternatively, from GUI, use Synaptic, go “Settings Menu” –> “Repositories” then “Other sowtfare” tab, click “Add” button and put “ppa:mozillateam/firefox-stable”, reload the repos then update Firefox.

An extended article about it can be found here.

CUSTOMIZATION

The real issue with Firefox 6 in Ubuntu it is to change the appearance of the Menu button to looks orange (like in Windows), because in Ubuntu it is not orange but darker color and does not stand visible. see pictures

To change the colour of the Firefox Menu button to orange (more visible, like Opera) it is required to install the add-on from http://userstyles.org/styles/43590/firefox-4-menu-button-v2-linux (require to install stylish add-on first)

I miss the status bar also, therefore I install it form https://addons.mozilla.org/en-US/firefox/addon/status-4-evar/

Enjoy the power of Firefox 6.

51 views
Posted in En, IT stuff, Linux, Software | Tagged | Leave a comment

Install Eclipse 3.7 (Indigo) PDT (PHP) on Ubuntu 10.04 or 10.10, 64bits

Posted on August 29, 2011 by admin

My favourite IDE development, especially for PHP devel, Eclipse 3.7 it is easy to install on Ubuntu 10.04/10.10. The Eclipse version which it is already in Ubuntu 10.04 repos it is quite outdated, Ubuntu 10.04.1 offering to install Eclipse Galileo (v. 3.5) which is since June 2009. Therefore, the steps I’ve done to install v. 3.7 (June 2011) are:

- Install Sun Java 6 (if it is not done already): 

sudo apt-get install sun-java6-jdk

My current version is: 

java -version
java version "1.6.0_26"
Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02, mixed mode)

- Install Eclipse. This it is merely downloading the right archive from Eclipse download site and extract it to a suitable directory (my choice was /opt/eclipse). I’ve opted for Eclipse Classic 3.7, 173 MB, because there it is not a PHP Eclipse edition available and therefore an indirect way must be approached. Alternatively one can download the Eclipse IDE for Java EE Developers, 210 MB

Download it, extract it, move it to desired folder, add the eclipse executable to Gnome menu by right-click on “Applications” menu, then choose edit menus, add it to “Programming” category menus, customize it’s icon using icon.xpm supplied by eclipse and launch it.

To install PHP development plugin (and any other additional feature go to “Help” menu –> “Install new software” and from the drop down list (work with:) select “all available sites”. Then select “Programming languages –> PHP development tools (PDT) SDK feature” and any other feature as needed. Interesting features for a PHP developer are also “Web Page Editor”, “JavaScript Development Tools”, “Eclipse Web Developer Tools”, “Rich Ajax Platform Tooling” and other plugins according to your taste. After installing the desired plugins and restarting Eclipse, select the desired workbench perspective (from far right menu), or clikc on the “Open perspective” icon to bring up the desired perspective if it is missing.

Happy Eclipse-ing.

1,652 views
Posted in IT stuff, Linux, Software | Tagged | Leave a comment

ubuntu 10.10 wireshark no interfaces available, solved

Posted on August 6, 2011 by admin

In Ubuntu 10.10 and 10.04 when starting Wireshark as a normal user, no interfaces for capturing packets are shown. The issue it is that by default only root can capture from interfaces and can be circumvented in several ways as:

- run Wireshark as root:

Caution: this way is not recommended and should be avoided as Wireshark creators recommend here.

Go to System –> Preferences –> Main Menu and edit the Wireshark launcher as in the picture (or right click on Applications and then Edit Menus).
wireshark gksudo

- raise the capture privileges for the desired user, by adding capturing capabilities:

Note: This is the recommended way by the Wireshark creators, here.

sudo addgroup -system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

and run the following changing YOUR_USER_NAME with the desired user name:

sudo usermod -a -G wireshark YOUR_USER_NAME

Then just start Wireshark and select the network interface.

References:
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
Wireshark security risk when running as root
Taking Advantage of Linux Capabilities
http://stream-recorder.com/forum/solving-no-interfaces-problem-wireshark-ubuntu-10-t8742.html
http://www.mikestechblog.com/joomla/operating-systems-section/operating-systems-ubuntu/131-ubuntu-wireshark-no-interfaces-eth0.html

235 views
Posted in IT stuff, Linux, Software | Tagged | Leave a comment