a file I/O error has occurred while accessing vmware converter

While converting a physical Windows 7 machine to a virtual machine of infrastructure type, I got this error. The error seems to indicate that it is unable to read/write the source or destination datastore.

I have installed VMware-converter-en-6.2.0-8466193 on the Windows 7 physical machine with the local installation option selected (not the server/client option).

All of my ESXi servers are connected to the vCenter Server, so I had to use vCenter Server's IP address to send this physical machine to the virtual world.

The issue I found was with the DNS resolution of the vCenter Server's hostname, since I am not using the same DNS server on the Windows 7 client machine. So I manually added a hosts entry mapping the vCenter Server's hostname to its IP address.

After adding the DNS entries to the hosts file of Windows 7, I am no longer getting this "a file I/O error has occurred while accessing vmware converter" error and the migration has started.

How to check Gray-log current running version

If you are planning to upgrade your Graylog and want to see what your current Graylog version is, here is how you can check it.
  • Go to the Graylog Web Interface
  • Click on System/Nodes
  • Under System/Nodes --- Click on the Nodes 
  • Scroll down to the 'System'
Here you can see the current version of your graylog server



Graylog is restarting stuck with disk full

Graylog is restarting...
There is no Graylog web application running at the moment, please reload this page in a minute. It can take up to 1-2 minutes until all services are running properly. In case this is a permanent error, check the following:

Check if all services are running - sudo graylog-ctl status shows an overview of all running services
Check for errors in log files - Relevant services write log files here: /var/log/graylog/*/current
Ask for help - If there is no way to fix the issue ask for help:


I got this error on my Graylog server. Upon troubleshooting I found that the disk was 100% full and that Elasticsearch, MongoDB and etcd were unable to start, which I saw while checking the Graylog server status with the command
# graylog-ctl status

The solution to this problem was obvious: I had to free up some disk space to get Graylog working again. But which files should I delete was my next thought!

Upon googling I found that I could safely delete the old log files of elastic search to free up the space.

So I stopped gray-log server with

$sudo graylog-ctl stop

My gray-log installation path for elasticsearch logs was at

root@graylog:/var/opt/graylog/data/elasticsearch/graylog/nodes/0/indices#

Listed the files at this path

root@graylog:/var/opt/graylog/data/elasticsearch/graylog/nodes/0/indices# ls -al

drwx------ 7 graylog graylog 4096 Aug 12  2016 graylog_0
drwx------ 7 graylog graylog 4096 Aug  3  2017 graylog_1

I deleted one old log folder "graylog_0" which had consumed disk space of around 5 GB inside it.

root@graylog:/var/opt/graylog/data/elasticsearch/graylog/nodes/0/indices# rm -R graylog_0/

After deleting the log folder I restarted the graylog server

root@graylog:~# graylog-ctl start

Now I can access the Graylog server, and all my configuration and dashboards are in place and working well. But I am getting a database corruption error for etcd (used for clustering of nodes): a file of type "wal" is not accessible.

Since this is my only node and not a cluster configuration, I deleted the etcd folder and reconfigured the Graylog server.

Delete the etcd folder here

root@graylog:/var/opt/graylog/data# rm -R etcd

root@graylog:/var/opt/graylog/data# graylog-ctl reconfigure

Now I can see the working status of all services with graylog-ctl as below

root@graylog:/var/opt/graylog/data/etcd/member# graylog-ctl status
run: elasticsearch: (pid 4437) 21s; run: log: (pid 876) 1059s
run: etcd: (pid 4272) 25s; run: log: (pid 891) 1059s
run: graylog-server: (pid 4490) 20s; run: log: (pid 857) 1059s
run: mongodb: (pid 4314) 23s; run: log: (pid 890) 1059s
run: nginx: (pid 4515) 20s; run: log: (pid 856) 1059s





How to import Putty Saved Connections to mRemoteNG

I just started using mRemoteNG and it's been very cool to connect to different remote systems with different protocols, e.g. Windows Remote Desktop, VNC to Linux, SSH, HTTP connections etc., from a single application.

As a new user I configured some remote desktop connections, which was quite easy to figure out. But when I wanted to add SSH connections, it came to my mind to import all of the saved connections from PuTTY. I couldn't figure out how it could be done, though it was quite easy, and here are the steps.


  • Open your mRemoteNG
  • Create a folder if you want segregation of multiple networks
  • Create a new connection
  • Enter the IP address of remote server under connection in Config pane
  • Under the config pane, select protocol "SSH version 2". 
Once you select protocol to SSH version 2 you are given option to import putty sessions, as shown in the snap below.


In the above snap, I have imported CSR-AWS session from my saved sessions in Putty.



VMWare Datastore inactive but Status Normal

I got this issue with my iSCSI disk provided by Microsoft Windows Server. I am able to access the iSCSI datastore and all of my virtual machines are operational without any issue, but my iSCSI datastore is showing as inactive while its status is showing normal.
It happened after I had removed the iSCSI targets from Windows and added a new target after some time.
What I did:
  • Rescanned all datastores multiple times --- no luck
  • Restarted management services from SSH on all ESXi hosts with the command $ services.sh restart --- no luck
  • Removed and re-added targets from the iSCSI (Windows) side --- no luck
  • Removed a few VMs which were in an inaccessible state and then rescanned the datastore --- no luck
Finally I restarted each ESXi host, one at a time, and it solved the problem.

Connection control operation failed for disk 'ide1:0'

I was getting this error while removing Operating System ISO image mounted on the Virtual Machine.

What worked for me is:
1. Uncheck "Connected" and "Connect at power on" under Device Status.
2. Then change the Device type from "Datastore ISO File" to the "Client Device" radio button
3. and press OK to save the changes.

Note:- I was able to remove the mounted ISO only by directly logging to the ESXi at https://esxi-ip-address/ui

where it asks

"The guest operating system has locked the CD-ROM door and is probably using the CD-ROM, which can prevent the guest from recognizing media changes. If possible, eject the CD-ROM from inside the guest before disconnecting. Disconnect anyway and override the lock?"

You need to select yes to eject the CD-ROM and then remove the ISO file successfully.

snmpwalk End of MIB


[root@monitoring ~]#  snmpwalk -c public -v1 10.0.33.228
End of MIB

I was trying to do an snmpwalk for a Cisco router in GNS3, and was getting only End of MIB after the snmpwalk command.
It turned out that in my Cisco router configuration I had allowed my SNMP host by IP address with the community string "public", but I had not configured the community string separately with the command
#snmp-server community public

This was my configuration mistake, but it took some time to figure out.

GNS3 Docker Error while creating node: Docker has returned an error: Cannot connect to host docker:80

Error while creating node: Docker has returned an error: Cannot connect to host docker:80 ssl:False [No such file or directory]

After adding the Docker template for Alpine Linux in GNS3, you get the above message when you try to use Alpine Linux in GNS3.

To get rid of this message you have to install Docker with the command below
curl -fsSL https://get.docker.com/ | sh

If you do not have curl installed, then install curl first with the command below.
apt-get install curl

After installing Docker you need to add your user name in the docker group with the following command. 
$ sudo usermod -aG docker your_username

Verify if the docker service is started with following command
$ service docker status

If docker is not started then start with following command 
$ sudo service docker start

Log out from the GNS3 virtual machine and log back in. Start GNS3 and use Alpine Linux.

Advantage of using System ID extension in Switch Bridge ID

The format of the original 802.1d bridge ID was redefined from two byte priority + MAC address to System ID extension mainly due to the advent of multiple spanning trees as supported by Per VLAN Spanning Tree Plus (PVST+) and IEEE 802.1s Multiple Spanning Trees (MST). With the old-style bridge ID format, a switch’s bridge ID for each STP instance (possibly one per VLAN) was identical if the switch used a single MAC address when building the bridge ID. Having multiple STP instances with the same bridge ID was confusing, so vendors such as Cisco Systems used a different Ethernet BIA for each VLAN when creating the old-style bridge IDs. This provided a different bridge ID per VLAN, but it consumed a large number of reserved BIAs in each switch. 

The System ID Extension allows a network to use multiple instances of STP, even one per VLAN,  but without the need to consume a separate BIA on each switch for each STP instance. The System ID Extension field allows the VLAN ID to be placed into what was formerly the last 12 bits of the Priority field. A switch can use a single MAC address to build bridge IDs, and with the VLAN number in the System ID Extension field still have a unique bridge ID in each VLAN. The use of the System ID Extension field is also called MAC address reduction, because of the need for many fewer reserved MAC addresses on each switch.




How to configure Default Gateway on Nexus 1000v

In case you are finding it hard to reach default gateway from your newly installed Nexus 1000v virtual machine, here is one quick thing to check and configure before you can reach to the default gateway and other allowed subnets from your Nexus 1000v VM.

Configure the management IP Address and default gateway on Nexus 1000v as per below commands

conf t
interface mgmt 0
ip address 192.168.0.100/24
exit
vrf context management
ip route 0.0.0.0/0 192.168.0.1
exit
copy run start

Note: Change the IP address as per your subnet.

Why STP Bridge Priority is Configured in increment of 4096

Spanning-tree operation requires that each switch have a unique BID (Bridge ID). In the original 802.1D standard, the BID was composed of the bridge priority and the MAC address of the switch, and all VLANs were represented by a CST, Common Spanning Tree. Because Cisco started to use a unique STP instance per VLAN in PVST+ and PVRST+, there came a need to provide a unique BID for each separate per-VLAN instance of STP. So Cisco divided the 16-bit bridge priority field into two parts, 4 bits for priority and 12 bits for the VLAN ID, and named it Extended VLAN ID. Because only the leftmost four bits are reserved for the bridge priority, the priority can only take discrete values in increments of 4096.
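The bit layout described here and in the System ID extension post above, worked through in Python as an added example (it is not code from the original posts). The function names and the sample MAC addresses are constructed for illustration.

```python
import struct

PRIORITY_STEP = 4096   # 2**12: smallest step the top 4 bits can express
MAX_PRIORITY = 61440   # 0xF000: all four priority bits set
MAX_VLAN = 4095        # 12-bit System ID Extension


def parse_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-..., or Cisco aabb.ccdd.eeff."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes: %r" % mac)
    return raw


def build_bridge_id(priority, vlan, mac):
    """Return the 8-byte bridge ID: 4 bits priority, 12 bits VLAN, 48 bits MAC."""
    if not 0 <= priority <= MAX_PRIORITY or priority % PRIORITY_STEP:
        # The low 12 bits now belong to the VLAN ID, so any priority that is
        # not a multiple of 4096 would overwrite part of the VLAN number.
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 0 <= vlan <= MAX_VLAN:
        raise ValueError("VLAN ID must fit in 12 bits (0..4095)")
    return struct.pack("!H", priority | vlan) + parse_mac(mac)


def parse_bridge_id(bid):
    """Split an 8-byte bridge ID back into its three fields."""
    if len(bid) != 8:
        raise ValueError("bridge ID must be 8 bytes")
    (field,) = struct.unpack("!H", bid[:2])
    return {
        "priority": field & 0xF000,   # top 4 bits, still weighted 4096..32768
        "vlan": field & 0x0FFF,       # System ID Extension
        "mac": ":".join("%02x" % b for b in bid[2:]),
    }


def elect_root(bridge_ids):
    """STP picks the numerically lowest bridge ID; byte order gives that."""
    return min(bridge_ids)


if __name__ == "__main__":
    # Constructed sample switches: one MAC each, reused for every VLAN.
    sw_a = "00:1a:2b:3c:4d:5e"
    sw_b = "00:1a:2b:ff:ff:ff"
    for vlan in (10, 20):
        a = build_bridge_id(32768, vlan, sw_a)
        b = build_bridge_id(4096, vlan, sw_b)
        print("VLAN", vlan, a.hex(), b.hex(),
              "root:", parse_bridge_id(elect_root([a, b]))["mac"])
```

With the same MAC address, VLAN 10 and VLAN 20 produce different bridge IDs (0x800a... and 0x8014...), which is the MAC address reduction the post describes.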

%Error opening tftp://255.255.255.255/ciscortr.cfg (Timed out)

After I reset my Cisco Router 1841, it started to give error messages like below:

%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
%Error opening tftp://255.255.255.255/router-config(Timed out)
%Error opening tftp://255.255.255.255/ciscotr.cfg (Timed out)

Actually these error messages are caused by the default configuration in Cisco IOS Software, which attempts to access the service configuration files from a network Trivial File Transfer Protocol (TFTP) server; if the router is unable to access the TFTP server, it starts displaying these messages.
You can stop these error messages from being displayed by entering the following commands at the Cisco CLI

Router#config terminal
Enter configuration commands, one per line.

Router(config)#no service config (this is the command to stop these error messages)

Router(config)#end

Router#write

How to Convert Linux Ubuntu Partition into Windows Partition

You need to format the partition on which you want to install Linux Ubuntu, and the Linux format types are completely different from the Windows format types. That's why a hard disk partition on which Ubuntu is installed is not viewable from the Windows operating system: Windows does not support the Linux Ubuntu formats.
This works well as long as you want to use both operating systems in a dual boot system. When you no longer want to use Linux Ubuntu, you will have to convert its partition to NTFS or FAT32 in order to access the partition and store and access data on it.

One method to convert an Ubuntu partition to Windows is to convert and format the partition with the free MINITOOL Partition program.

Remember this procedure will only convert to Windows-supported partition types and will ask you to format the partition before you can use it. So you will lose any data on your Ubuntu partition.
See How to access Ubuntu files from Windows without formatting the Ubuntu partition


2. Start Minitool

3. Select the Ubuntu partition to convert into NTFS

4. Click on "Change Partition Type ID" on the left bar as shown below

5. Select "NTFS" from the drop-down menu of "Please select Predefined ID from the list" and press Yes

6. Click "Apply" at the top left.

7. Restart Windows and you will see your partition in My Computer

8. Format the partition to use it in Windows.

Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.

This error is returned by Cisco IOS when the trunking encapsulation is not set on one side of the link while the switch on the other side is configured properly. One such case is trunking between a switch port on one side and a port of a switch-type interface on a router on the other side. Because the router does not run Dynamic Trunking Protocol (DTP), trunking cannot be negotiated in this situation. To resolve the error in this situation, follow these steps:


networkpcworld(config-if)#switchport mode trunk 
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode. 


Go to the desired Interface where you are getting this error
networkpcworld(config)#int fa0/0/1


Enable trunk encapsulation manually
networkpcworld(config-if)#switchport trunk encapsulation dot1q
Note:- After setting the encapsulation, the switch interface will most probably be converted to a trunk by the switchport mode trunk command. If not, then enter the commands below on the same interface.


Set the port to dynamic desirable
networkpcworld(config-if)#switchport mode dynamic desirable
networkpcworld(config-if)#switchport mode trunk

Difference between Asynchronous and Synchronous Transmission

Asynchronous transmission uses start and stop bits to signify the beginning and end of each character, so an 8-bit ASCII character would actually be transmitted using 10 bits, e.g.: A "0100 0001" would become "1 0100 0001 0". The extra one (or zero depending on parity bit) at the start and end of the transmission tells the receiver first that a character is coming and secondly that the character has ended. This method of transmission is used when data is sent intermittently as opposed to in a solid stream. In the previous example the start and stop bits are the first and last bits. The start and stop bits must be of opposite polarity. This allows the receiver to recognize when the second packet of information is being sent.

Synchronous transmission uses no start and stop bits but instead synchronizes transmission speeds at both the receiving and sending end of the transmission using clock signal(s) built into each component. A continual stream of data is then sent between the two nodes. Due to there being no start and stop bits the data transfer rate is quicker although more errors will occur, as the clocks will eventually get out of sync, and the receiving device would have the wrong time that had been agreed in the protocol for sending/receiving data, so some bytes could become corrupted (by losing bits).
Ways to get around this problem include re-synchronization of the clocks and use of check digits to ensure the byte is correctly interpreted and received.

Ubuntu Boot Error --- Missing modules (cat /proc/modules; ls /dev)

Boot from (hd0,0) ext3 5108701a-641d-43b182eb-aeb6da348d62
Starting up ...
Loading, please wait...
Gave up waiting for root device. Common problems:
- Boot args (cat /proc/cmdline)
- Check rootdelay= (did the system wait long enough ?)
- Check root = (did the system wait for the right device ?)
- Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/disk/by-uuid/5108701a-641d-43b182eb-aeb6da348d62 does not
exist . Dropping to a shell!


Busybox v1.10.2 (Ubuntu 1:1.10.2-2ubuntu7) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs)
Just boot ubuntu by selecting another option of booting ubuntu from grub menu at startup, and upgrade ubuntu as per the steps given below

Network Upgrade for Ubuntu Desktop


You can easily upgrade over the network with the following procedure. 
  1. Start System/Administration/Update Manager

  2. Click the Check button to check for new updates. 

  3. If there are any updates to install, use the Install Updates button to install them, and press Check again after that is complete. 

  4. A message will appear informing you of the availability of the new release.
  5. Click Upgrade
  6. Follow the on-screen instructions. 
If an error is generated during the upgrade, you will be given a command to enter in terminal mode.
Enter that command in terminal mode. You will be asked to modify the grub menu; select the first option to modify the grub menu (do not select keep existing menu).
Then go to updater and update it.
You are done


Restart the pc and boot by selecting the normal mode of ubuntu from grub menu...

What is Cisco Chassis, Backplane, Line Card

What does Chassis mean?
A chassis is a frame/housing for mounting the circuit components of Cisco switches and routers, or of any type of device, that provides power and a high-speed backplane. The frame also protects all of the vital internal equipment from dust, moisture, and tampering.

To define the chassis even more simply:
A chassis is an enclosure; a container that holds things together... i.e. an egg carton holds eggs together inside. A chassis does the same thing; it holds the important things inside like wiring, power supplies etc. 

What does Backplane mean?
Backplane is a circuit board with sockets that allows Supervisor engines Cards or modules to be inserted into these sockets and connect them to each other. Backplane is mounted on the Chassis. 

Modules or line cards provide different types of interfaces, but the processing of packets is usually done in the Supervisor engine. Backplane is the medium for data flow between modules and Supervisor engines. 

Additionally, most high-end switches off-load processing away from the supervisors, allowing line cards to switch traffic directly between ports on the same card without using any processing power or even touching the backplane. Naturally, this can't be done for all traffic, but basic layer-2 switching can usually be handled exclusively by the line card, and in many cases also more complex operations can be handled as well. 

What does Line Card mean?
The line cards provide interfaces to the network.

What is Cisco Supervisor Engine?

Supervisor Engine is a module that is installed in the Cisco Chassis-based Catalyst Switches or Routers. Supervisor engine contains nearly all the same components of a fixed Cisco Switches or Routers. These Supervisor engines come in a variety of different types with different functionalities and are installed in the Switches/Router Chassis as per requirements of the network types.

Benefits of Supervisor Engines
By installing Latest Supervisor Engines in your existing investments (Switches and Routers) you can scale system performance and integrate next-generation services into your Networks.
Within a single multilayer switch chassis, two supervisor modules with integrated route processors can be used to provide hardware redundancy. If an entire supervisor module fails, the other module can pick up the pieces and continue operating the switch.
The supervisor engine contains the following integrated daughter cards that perform forwarding and routing and provide the protocols supported on the router.

Cisco Supervisor Engine, Sup-2T

Policy Feature Card (PFC) is the forwarding plane and does the following:

Performs Layer 2 and Layer 3 forwarding.
Enforces access control list (ACL) functions.
Performs policing and marking for quality of service (QoS) traffic.

Multilayer Switch Feature Card (MSFC) is the control plane and does the following:
Performs routing for the chassis. The MSFC contains the route processor (RP) and Switch processor (SP) for the router.
Runs Layer 2 and Layer 3 protocols, such as the Spanning Tree Protocol (STP) and others.

You can View a 3D model of Catalyst 6500 Switch, here you can see how the Catalyst Switch 6500 looks like, Mount/Demount Supervisor engines, and other inserted modules, view short details of them by demounting from Chassis.

Difference between In Band and Out of Band Protocols

In band
In-band control is a characteristic of network protocols with which data control is regulated. In-band control passes control data on the same connection as main data.
Protocols that use in-band control include HTTP and SMTP.
SMTP is in-band because the control messages, such as “HELO” and “MAIL FROM”, are sent in the same stream as the actual message content.

Out of Band
In computer networking, out-of-band data (called “urgent data” in TCP) looks — to the application — like a separate stream of data from the main data stream. This can be useful for separating two different kinds of data. Note that just because it is called “urgent data” does not mean that it will be delivered any faster or with higher priority than data in the in-band data stream. Also beware that unlike the main data stream, the out-of-band data may be lost if the application cannot keep up with it. “Urgent data” notifies the receiving connection that the separate stream is more important than the main stream. Therefore it must first check the separate stream in order to process the main stream normally.

To understand this, consider file transfer through the FTP protocol (an out-of-band protocol).

FTP operates on the application layer of the OSI model, and is used to transfer files using TCP/IP. In order to do this an FTP server needs to be running and waiting for incoming requests. The client computer is then able to communicate with the server on port 21. This connection, called the control connection, remains open for the duration of the session, with a second connection, called the data connection, either opened by the server from its port 20 to a negotiated client port (active mode) or opened by the client from an arbitrary port to a negotiated server port (passive mode) as required to transfer file data.
The control connection is used for session administration (i.e., commands, identification, passwords) exchanged between the client and server using a telnet-like protocol.

For example “RETR filename” would transfer the specified file from the server to the client. Due to this two-port structure, FTP is considered an out-of-band protocol.

How to Connect Cisco Switches/Routers with Cisco Network Assistant

This post is about how to configure a standalone Cisco device so that it can be connected to Cisco Network Assistant (CNA) successfully.
In production networks, Cisco devices are often already configured with the basic configuration required for a successful CNA connection, and most of the time you do not need to configure them specially for CNA. Successful connectivity between a Cisco device and a PC with CNA installed is a two-part process. First we focus on how to configure a Cisco switch, then we install CNA on a PC and connect it to the switch.
Configure the switch with the ip http server command in global configuration mode
Switch(config)#ip http server
Define a Vlan and SVI, assign an IP Address from a Private IP Address Range so that it can be connected with CNA. Here I am configuring VLAN 100, with SVI 100 and IP Address Subnet as 172.16.100.0/24
Switch>en
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 100
Switch(config-vlan)#exit
Switch(config)#interface vlan 100


%LINK-5-CHANGED: Interface Vlan100, changed state to up
Switch(config-if)#ip add 172.16.100.1 255.255.255.0
This was all the configs on a Switch/router, now download Cisco CNA from here and install on your PC.
Connect an Ethernet Cross Over Cable with your PC’s Network Interface card and the other end with any of the Switch’s Fast Ethernet port.
Set the IP Address of PC’s NIC as shown in the snap below
Launch CNA by double clicking its icon on your PC’s Desktop
Click on Connect Icon, Enter the IP Address of the Switch, that we just have configured (172.16.100.1).
Click OK and You are connected to the Switch.

How to Configure Microsoft Windows Server 2008 R2 as an Internal NTP Server for Cisco Devices

Here we are configuring a Windows Server 2008 R2 as an NTP server; I am configuring my Domain Controller as an NTP server in my production environment. So you should be comfortable changing some registry values as stated below to make the Windows Server an NTP server (but only do what is directed here).
Go to your Domain Controller server, click Start, and in Run, type Regedit and press Enter
Navigate to the default registry value of the NTP server in Windows Server
HKLM > System > CurrentControlSet > Services > W32Time > TimeProviders > NtpServer
A default installation of Windows Server 2008 R2 can be seen in the picture below
Change the registry value of Enabled from 0 to 1.
Close the Registry window
Go to a command line window and type the command w32tm /config /update, and you are done.

Now go to your Cisco device (switch/router), and configure it to get its time from this newly configured NTP server
Switch(config)#ntp server 10.0.0.2
Here the IP address is the IP of the NTP server (the Domain Controller configured above).

What is DHCP Protocol and How does it Work

DHCP, Dynamic Host Control Protocol, is a protocol that operates at the Application layer and automatically assigns IP addresses to requesting hosts. DHCP eliminates this manual task for the network administrator. It also provides a central database of devices that are connected to the network and eliminates duplicate resource assignments. DHCP uses UDP (User Datagram Protocol) to send its request messages to the DHCP server on port number 67.

A DHCP server can provide a host with a lot of information when the host requests an IP address from it. Here's a list of the information a DHCP server can provide:
  • IP Address
  • Subnet Mask
  • Domain Name
  • Default Gateway (routers)
  • DNS
  • WINS information
How DHCP Server is Discovered by Client to get IP address?
The client broadcasts messages on the physical subnet to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server from a different subnet. This client-implementation creates a User Datagram Protocol (UDP) packet with the broadcast destination of 255.255.255.255 or the specific subnet broadcast address. Addresses in the Packet for DHCP Server Discovery can be as follows;
Source IP = 0.0.0.0
Source Port = 0
Destination IP = 255.255.255.255
Destination Port = 67
A DHCP client can also request its last-known IP address. If the client remains connected to a network for which the IP is valid, the server may grant the request.
DHCP Offer
When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client’s MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. Source and Destination addresses in the server’s DHCP Offer message are as follows;
Source IP = 192.168.1.1
Source Port = 67
Destination IP = 255.255.255.255
Destination Port = 68
DHCP Request
A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field in the request, servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. The DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address. Also, this way one message can let all other DHCP servers know that another server will be supplying the IP address without missing any of the servers with a series of unicast messages.
DHCP Acknowledgement
Upon receiving the DHCP acknowledgment message on the server, the server sends the IP address, lease duration and other information to the client that requested it, and the IP address assignment process to the client by the DHCP server is completed.
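The DHCP Offer fields listed above (client MAC address, offered IP address, subnet mask, lease duration, server address) and the Transaction ID used in the Request step, pulled out of raw DHCP payloads in Python. This is an added example, not part of the original post; the packets are constructed in memory, and the second server (192.168.1.2), the MAC address and the transaction ID are made-up sample values.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
HEADER_LEN = struct.calcsize(HEADER_FMT)
OPT_PAD, OPT_SUBNET_MASK, OPT_LEASE_TIME = 0, 1, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
SAMPLE_XID = 0x3903F326                      # constructed transaction ID
SAMPLE_MAC = bytes.fromhex("001a2b3c4d5e")   # constructed client MAC


def build_message(msg_type, xid, client_mac, yiaddr="0.0.0.0", options=()):
    """Build a DHCP payload (sample data only, nothing is sent)."""
    op = 2 if msg_type in (2, 5) else 1      # 1 = request, 2 = reply
    zero = socket.inet_aton("0.0.0.0")
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,
                         zero, socket.inet_aton(yiaddr), zero, zero,
                         client_mac, b"", b"")
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_options(data):
    """Walk the code/length/value option list, rejecting truncated input."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            return opts
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = value
        i += 2 + length
    raise ValueError("options are not terminated by the END option")


def parse_message(payload):
    """Return the fields the post lists for a DHCP message."""
    if (len(payload) < HEADER_LEN + 4
            or payload[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE):
        raise ValueError("not a DHCP message")
    (_op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = struct.unpack(
        HEADER_FMT, payload[:HEADER_LEN])
    opts = parse_options(payload[HEADER_LEN + 4:])
    if not opts.get(OPT_MSG_TYPE):
        raise ValueError("missing DHCP message type option")

    def ip(code):
        value = opts.get(code, b"")
        return socket.inet_ntoa(value) if len(value) == 4 else None

    lease = opts.get(OPT_LEASE_TIME, b"")
    return {
        "type": MSG_TYPES.get(opts[OPT_MSG_TYPE][0], "UNKNOWN"),
        "xid": xid,
        "client_mac": ":".join("%02x" % b for b in chaddr[:hlen]),
        "offered_ip": socket.inet_ntoa(yiaddr),
        "subnet_mask": ip(OPT_SUBNET_MASK),
        "lease_seconds": struct.unpack("!I", lease)[0] if len(lease) == 4 else None,
        "server_id": ip(OPT_SERVER_ID),
    }


def servers_offering(payloads, xid):
    """List every server that answered one client transaction with an OFFER."""
    servers = set()
    for payload in payloads:
        msg = parse_message(payload)
        if msg["type"] == "OFFER" and msg["xid"] == xid and msg["server_id"]:
            servers.add(msg["server_id"])
    return sorted(servers)


def sample_offers():
    """Two constructed offers for the same transaction from two servers."""
    def offer(server, ip):
        return build_message(2, SAMPLE_XID, SAMPLE_MAC, ip, [
            (OPT_SUBNET_MASK, socket.inet_aton("255.255.255.0")),
            (OPT_LEASE_TIME, struct.pack("!I", 86400)),
            (OPT_SERVER_ID, socket.inet_aton(server))])
    return [offer("192.168.1.1", "192.168.1.50"),
            offer("192.168.1.2", "192.168.1.80")]


if __name__ == "__main__":
    for raw in sample_offers():
        print(parse_message(raw))
    print("servers offering:", servers_offering(sample_offers(), SAMPLE_XID))
```

Comparing the output of servers_offering against the DHCP servers you actually operate shows at a glance whether an unexpected server is answering on the subnet.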

How the Traceroute Works, Understanding Traceroute Output and Troubleshooting

How the TRACEROUTE Command Works
The traceroute command is used to discover the routes that packets actually take when traveling to their destination. The device (for example, a router or a PC) sends out a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host.
Three datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1 causes the datagram to “timeout” as soon as it hits the first router in the path; this router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.
Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned, indicating an unreachable port; this event signals the Traceroute program that it is finished.
The purpose behind this is to record the source of each ICMP Time Exceeded Message to provide a trace of the path the packet took to reach the destination.
In the following example, the packet must travel through two routers (157.54.48.1 and 11.1.0.67) to get to host 11.1.0.1. In this example, the default gateway is 157.54.48.1 and the IP address of the router on the 11.1.0.0 network is at 11.1.0.67.

Router#Traceroute 11.1.0.1

   Tracing route to 11.1.0.1 over a maximum of 30 hops
   1     2 ms     3 ms     2 ms  157.54.48.1
   2    75 ms    83 ms    88 ms  11.1.0.67
   3    73 ms    79 ms    93 ms  11.1.0.1
   Trace complete.

The table below lists the characters that can appear in the traceroute command  output.
IP Traceroute Text Characters

Character   Description
nn msec     For each node, the round-trip time in milliseconds for the specified number of probes
*           The probe timed out
A           Administratively prohibited (example, access-list)
Q           Source quench (destination too busy)
I           User interrupted test
U           Port unreachable
H           Host unreachable
N           Network unreachable
P           Protocol Unreachable
T           Timeout
?           Unknown packet type

Troubleshooting with TRACEROUTE
The TRACEROUTE command can be used to determine where a packet stopped on the network.
TRACEROUTE is useful for troubleshooting large networks where several paths can be taken to arrive at the same point, or where many intermediate systems (routers or bridges) are involved.

Multi-layer Switching Exceptions – Packets that Need further Processing

Some packets are not forwarded directly by multi-layer switches but require further processing. To forward packets using the simultaneous decision processes, the packet must be “Multi Layer Switch-ready” and must require no additional decisions. For example, CEF can directly forward most IP packets between hosts. This occurs when the source and destination addresses (both MAC and IP) are known already and no other IP parameters must be manipulated.
Other packets cannot be directly forwarded by CEF and must be handled in more detail. This is done by a quick inspection during the forwarding decisions. 

If a packet meets criteria such as the following, it is flagged for further processing and sent to the switch CPU for process switching:
  • ARP requests and replies
  • IP packets requiring a response from a router (TTL has expired, MTU is exceeded, fragmentation is needed, and so on)
  • IP broadcasts that will be relayed as unicast (DHCP requests, IP helper-address functions)
  • Routing protocol updates
  • Cisco Discovery Protocol packets
  • IPX routing protocol and service advertisements
  • Packets needing encryption
  • Packets triggering Network Address Translation (NAT)
  • Other non-IP and non-IPX protocol packets (AppleTalk, DECnet, and so on)

Some Hot Tips on OSPF Filtering and OSPF Area Types

Here is a list of some of the tricky concepts around OSPF area types and OSPF filtering:

OSPF routers do not advertise routes; instead, they advertise LSAs. Any filtering applied to OSPF messages would need to filter the transmission of LSAs. However, inside one area, all routers must know all LSAs, or the whole SPF concept fails, and routing loops could occur. As a result, OSPF cannot and does not allow the filtering of LSAs inside an area, specifically the type-1 and type-2 LSAs that describe the intra-area topology.

OSPF is a link-state protocol that populates the Link State Database (LSD) to give routers in the same area an identical perspective of the OSPF routing domain. That perspective is tempered by the type of area the routers are in.

An ABR can also be an ASBR.

When an external route is defined as an E1, ABRs generate a type 4 (ASBR Summary) LSA into non-backbone, non-stub areas.

The type 4 LSA reflects the cost from that area’s ABR to the ASBR (itself) that redistributed that route into the OSPF domain. This cost is added to the area router’s cost to reach its ABR plus the metric of the external LSA.

Inter-area Routes
Inter-area routes are those generated in another area within the same routing domain as the local router, with the exception of the default route generated by the ABR into stub and totally stubby areas. This default route is not propagated outside of a stub or totally stubby area.

The flooding of LSAs within an area can be prevented with the “ip ospf database-filter all out” command, which can be applied to an interface.

Several methods filter routes on the local router, whether the router is in the same area as the originator of the routes or in a different one. Most filtering does not remove the networks from the Link State Database (LSD). The routes are removed from the routing table, which prevents the local router from using them to forward traffic.

Within the NSSA, when the type 7 LSA reaches the ABR, the LSA is changed to a type-5 and propagated into the backbone. The route now appears as an ordinary external route to the routers in non-stub areas outside of the NSSA.

A default route is not automatically generated into an NSSA. A special statement on the NSSA ASBR, “Area X default-information originates”, will advertise a default route into the NSSA with a type-7 LSA. This default route is propagated into non-stub areas in the rest of the OSPF routing domain by the same rules that apply to any other external routes.

Stub Areas
Native inter-area and intra-area routes are advertised into the area, but not external routes. In place of external routes, the ABR automatically advertises a default route into the stub area as an inter-area route (IA).

Some filtering methods do not remove routes from the LSD of area routers. Routes are only removed from the routing table of the local router. Other routers in the same area that do not have filters applied will continue to advertise the routes. A possible result is a BLACK HOLE in the routing domain: an OSPF neighbor could forward traffic to a router that is filtering the route because its lowest-cost path runs through that router.
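The black hole described above can be reproduced with a small SPF model. This Python sketch is an added example, not from the original post: the four-router topology, link costs and router names are constructed, and the `filtered` argument stands in for any filter that removes the route from the local routing table only.

```python
import heapq

# Constructed topology: every router in the area holds this same LSDB.
LSDB = {
    "R1": {"R2": 10, "R4": 50},
    "R2": {"R1": 10, "R3": 10},
    "R3": {"R2": 10, "R4": 50},
    "R4": {"R1": 50, "R3": 50},
}
ORIGIN = "R3"  # router that advertises the subnet under test


def next_hop(lsdb, src, dst):
    """Dijkstra over the shared LSDB; return the first hop from src to dst."""
    best = {src: 0}
    queue = [(0, src, None)]
    while queue:
        cost, node, first = heapq.heappop(queue)
        if node == dst:
            return first
        if cost > best.get(node, float("inf")):
            continue  # stale queue entry
        for nbr, link in lsdb[node].items():
            new = cost + link
            if new < best.get(nbr, float("inf")):
                best[nbr] = new
                heapq.heappush(queue, (new, nbr, first or nbr))
    return None


def forward(lsdb, src, filtered=()):
    """Follow hop-by-hop forwarding from src toward ORIGIN's subnet.

    Routers in `filtered` ran SPF on the same LSDB but did not install
    the route, so their neighbours still see them as the best next hop.
    """
    path, node = [src], src
    while node != ORIGIN:
        if node in filtered:  # route missing from this routing table
            return path, "dropped at " + node
        node = next_hop(lsdb, node, ORIGIN)
        if node is None:
            return path, "unreachable"
        path.append(node)
    return path, "delivered"


if __name__ == "__main__":
    print(forward(LSDB, "R1"))
    print(forward(LSDB, "R1", filtered={"R2"}))
```

R1 keeps choosing R2 because the filter never touched the LSDB, while R4, whose best path avoids R2, is unaffected.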

When filtering routes, the most common method of selecting routes is by subnet. Another method is by the source of the routes, which in OSPF is the Router-ID.

To choose the best inter-area route, a router uses distance-vector logic: it takes its known metric to reach the ABR and adds the metric for that subnet as advertised by the ABR.

If an area has 20 routers, and the engineer wants to filter the route so that five of the routers do not learn the route, type-3 LSA filtering cannot be used. Type-3 LSA filtering can only filter the LSA from being flooded throughout the entire area.

How to send emails to undisclosed recipients?

Do you want to send emails to multiple recipients and want to keep their identities confidential from each other? Have you ever received an email that was addressed to “undisclosed recipient”? This is a way to send to a group of people without exposing their identities to others.

When you need to send to a group of people and want to keep their identity confidential, you can utilize the “BCC” function in your e-mail system.

Bcc recipients get a copy of the email, but their email address is automatically deleted at delivery. Nobody except you and the Bcc: recipient will know that they got a copy, and their email address will not be exposed.

Whether you use Yahoo, MSN, Gmail, or any other email service, do the following:

• in the “To:” field, put: Undisclosed Recipients <youruserlogin@youremail.com>
then replace youruserlogin and youremail.com with your own e-mail address

• put all your email recipients in the “BCC” box, separated by commas. For example: yourfirstfriend@yahoo.com, yoursecondfriend@hotmail.com, etc

• compose your message as usual

• when finished, simply click send… and you are done…
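What "deleted at delivery" means in practice: Bcc addresses are used only as SMTP envelope recipients and are removed from the headers before the message is transmitted. The Python sketch below is an added example, not part of the original post; the addresses are constructed and the function names are hypothetical.

```python
from email.message import EmailMessage
from email.utils import getaddresses


def undisclosed_message(sender, bcc, subject, body):
    """Build the message as the steps above describe it."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = f"Undisclosed Recipients <{sender}>"
    msg["Bcc"] = ", ".join(bcc)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def split_envelope(msg):
    """Return (envelope_recipients, wire_bytes) as a mail client submits them.

    Every To/Cc/Bcc address becomes an SMTP RCPT TO recipient; the Bcc
    header is then dropped so it never appears in the transmitted message.
    """
    fields = (msg.get_all("To", []) + msg.get_all("Cc", [])
              + msg.get_all("Bcc", []))
    recipients = sorted({addr for _, addr in getaddresses(fields) if addr})
    del msg["Bcc"]  # removes every Bcc header; no error if none is present
    return recipients, msg.as_bytes()


def leaked_addresses(wire, addresses):
    """Return the addresses that still appear anywhere in the wire bytes."""
    return [a for a in addresses if a.encode() in wire]


if __name__ == "__main__":
    # Constructed sample addresses.
    bcc = ["first.friend@example.org", "second.friend@example.net"]
    msg = undisclosed_message("me@example.com", bcc, "Hello", "Hi all")
    rcpts, wire = split_envelope(msg)
    print(rcpts)
    print(leaked_addresses(wire, bcc))
```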

runapp.shtml error while connecting SDM with cisco device

Are you getting this runapp.shtml error while connecting Cisco Secure Device Manager (SDM) with Cisco devices? The error looks like the snapshot below.

Without going into the details of the error, we will just look at how to avoid it and connect SDM to the router successfully.
I hope you have configured your router correctly.

To avoid this runapp.shtml error, do the following steps:
1. Open Internet Explorer
2. Click the Tools menu of IE and then select Internet Options
3. From the Internet Options window, click the Advanced tab
4. Scroll down the settings to Security and check “Allow Active Content to run in files on My Computer” (as shown in the snapshot below)
5. Click OK

6. Restart SDM and connect it with the IP address of the router
7. Click the bar in Internet Explorer saying Block script or ActiveX Control, and click Allow Blocked Content, as shown below.

You are done; your Secure Device Manager is running normally.