What is Clock Rate and Why is it Set

Clock rate is set or provided to fix the speed at which the data is to be received.
DCEs and DTEs are used in WAN connections. The communication via a WAN connection is maintained by providing a clock rate that is acceptable to both the sending and the receiving device.
For example, if a device connected via a WAN link is sending its signal at 1.544 Mbps, each receiving device must use a clock, sending out a sample signal every 1/1,544,000th of a second. The timing in this case is extremely short. The devices must be able to synchronize to the signal that is sent and received very quickly.
By assigning a clock rate to the router, the timing is set. This allows a router to adjust the speed of its communication operations, thereby synchronizing with the devices connected to it.
The clock rate is set on the router's serial interface if the router is running as a DCE (Data Communication Equipment). Generally, the clock rate is provided by the telco or Internet Service Provider through a CSU/DSU; in this case the router is said to be a DTE (Data Terminal Equipment) device.
Command to set the clock rate on a Cisco router:
Router(config-if)#clock rate 1000000

Note: New ISR routers adjust the clock rate automatically by detecting DCE connections and set the clock rate to 2000000.

What are Inferior and Superior BPDUs of STP

Today I want to have a very brief talk about what the Spanning-Tree inferior and superior BPDUs are and what the difference between them is.
Inferior BPDU of STP
A BPDU is considered inferior if it carries information about the root bridge that is worse than the one currently stored for the port, or if the BPDU has a longer distance to reach the current root bridge. Inferior BPDUs may appear when a neighboring switch suddenly loses its uplink and claims itself the new root of the topology. By default, every switch should ignore inferior BPDUs until the currently stored BPDU expires (time = Max_Age – Message_Age). This feature is intended to stabilize the STP topology in situations where an uplink on some switch flaps (goes down and up frequently because of a malfunction), causing the switch to start sending inferior information.
Superior BPDU of STP
A superior BPDU is one that has a lower Bridge ID. An inferior BPDU would have a higher Bridge ID. This can’t be judged on a single BPDU basis. It’s only in comparison that one can be considered superior or inferior. Receiving a superior BPDU typically means that a switch received a BPDU with a lower Bridge ID than the Bridge ID of the currently elected root bridge.
If a switch receives an inferior BPDU, nothing changes. Receiving a superior BPDU will kick off a reconvergence of the STP topology.
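The comparison and the Max_Age – Message_Age timer described above can be worked through in a few lines of Python. This is an added example, not part of the original post; the bridge IDs, costs and class names are constructed, and it generalizes "lower Bridge ID" to the usual ordered comparison of root ID, path cost, sender ID and port.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Bpdu:
    root_id: tuple         # (priority, MAC) of the root bridge the sender advertises
    root_path_cost: int    # sender's distance to that root
    sender_id: tuple       # (priority, MAC) of the sending bridge
    sender_port: int
    message_age: int = 0
    max_age: int = 20

    def vector(self):
        # Tuples compare field by field, and the lower value wins at each step.
        return (self.root_id, self.root_path_cost, self.sender_id, self.sender_port)


class Port:
    """Keeps the best BPDU heard on one switch port."""

    def __init__(self):
        self.stored = None
        self.expires_at = 0

    def receive(self, bpdu, now):
        if self.stored is not None and now >= self.expires_at:
            self.stored = None                  # stored information aged out
        if self.stored is None:
            verdict = "accepted"
        elif bpdu.vector() < self.stored.vector():
            verdict = "superior"                # would start a reconvergence
        elif bpdu.vector() == self.stored.vector():
            verdict = "refresh"
        else:
            return "inferior-ignored"           # stored BPDU and timer untouched
        self.stored = bpdu
        self.expires_at = now + bpdu.max_age - bpdu.message_age
        return verdict


# Constructed bridge IDs; MACs are fixed-width lowercase, so string order is numeric order.
ROOT = (4096, "00:00:00:00:00:01")
SW2 = (32768, "00:00:00:00:00:02")
NEW_ROOT = (0, "00:00:00:00:00:03")


def demo():
    port = Port()
    return [
        port.receive(Bpdu(ROOT, 4, SW2, 1, message_age=1), now=0),      # relayed by SW2
        port.receive(Bpdu(SW2, 0, SW2, 1), now=5),     # SW2 lost its uplink, claims root
        port.receive(Bpdu(SW2, 0, SW2, 1), now=19),    # stored BPDU expired (0 + 20 - 1)
        port.receive(Bpdu(NEW_ROOT, 8, SW2, 1, message_age=2), now=21),  # lower root ID
    ]


if __name__ == "__main__":
    print(demo())
```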

How to install iperf3 on CentOS 7 offline


To install iperf3 on CentOS 7 in offline mode, you need to download two files, one for the EPEL libraries and one for iperf3, upload them to your CentOS machine with WinSCP, and then run the two commands given below to install iperf3.

Click here to download the latest version of iperf3

Click here to download the latest EPEL library file

The EPEL libraries file should have a name like epel-release-*.rpm
Upload both files to your CentOS machine, say in the /tmp folder
Open an SSH session to the CentOS machine

Go to the folder where you uploaded both files, i.e. /tmp

Install the EPEL release rpm with the following command
# rpm -Uvh epel-release-*rpm

Install iperf3 with the following command
# rpm -Uvh iperf3-*.rpm

iperf3 has been successfully installed on your CentOS machine.

Configure fencing on RedHat for Cisco UCS

How to configure fencing on RedHat or CentOS Linux installed on Cisco Unified Computing System UCS blade Servers.
Below is a single command to shut a blade server when configuring fencing on Linux
Command to enter on redhat machine

#fence_cisco_ucs -a UCS-Domain-VIP -l User-ID -p ******** -z -n org-root/SERVICE-PROFILE-NAME -o status

Replace the placeholders in the command above with the following information

UCS-Domain-VIP       = UCS manager IP
User-ID              = User ID
********             = password of User ID
SERVICE-PROFILE-NAME = replace it with the service profile name of the server

Create a new ID in UCS Manager with only power on/off rights, and use that ID to send fencing poweroff command to the UCS Blades from RedHat Linux

ESXi vmnic shows 20gb or 40gb instead of 10gb On UCS


After configuring the UCS Service profile, installing VMWare ESXi and configuring Nexus 1000v, I found VMWare vmnics were showing 20 gbps per nic. It was a little confusing for me, as each UCS Server port from blade to Fabric Interconnect should show 10 gbps. I started exploring it and found an interesting design of Cisco UCS VIC Cards 1340/1380 or UCS Port expander.

As you can see there is hardware port channel between the virtual nics, and the outward ports connected to the IO modules.

As you can see, the result depends on the type of connectivity between the VIC cards and the IO Modules. If you connect a VIC 1340 without a port expander, the hardware port-channel sees only two 10 gig interfaces connected to it and presents a 20 gig connection to each server Ethernet link (a vmnic on ESXi in our case). If a port expander is connected, the hardware port-channel sees four 10 gig interfaces connected to it, so it presents a 40 gig connection for each Ethernet link down to the server. This bandwidth is provided only when UCS IO Modules of type 2208xp are installed; if the IO Module 2104 is installed, the bandwidth will be reduced by half, as only four 10 gig connections are provided from the 2104 IO module to each blade server.

What is Secure Shell (SSH) and how to configure SSH in Cisco Devices

What is Secure Shell (SSH)
Secure Shell is a protocol that can be used in the place of well known Telnet protocol to remotely connect to your Cisco Router or Switch. Telnet has long been used to manage network devices; however, Telnet traffic is sent in clear text. Anyone able to sniff that traffic would see your password and any other information sent during the Telnet session. Secure Shell (SSH) is a much more secure way to manage your routers and switches. It is a client/server protocol that encrypts the traffic in and out through the vty ports.
Cisco routers and switches can act as SSH clients by default, but must be configured to be SSH servers. That is, they can use SSH when connecting to another device, but require configuration before allowing devices to connect via SSH to them. They also require some method of authenticating the client. This can be either a local username and password, or authentication with a AAA server (AAA is detailed in the next section).
There are two versions of SSH. SSH Version 2 is an IETF standard that is more secure than version 1. Version 1 is more vulnerable to man-in-the-middle attacks, for instance. Cisco devices support both types of connections, but you can specify which version to use.
How to Configure SSH in Cisco Devices
Telnet is enabled by default, but configuring even a basic SSH server requires the following steps:
1. Ensure that your IOS supports SSH. You need a K9 image for this.
2. Configure a host name.
3. Configure a domain name.
4. Configure a client authentication method.
5. Tell the router or switch to generate the Rivest, Shamir, and Adelman (RSA) keys that will be used to encrypt the session.
6. Specify the SSH version, if you want to use version 2.
7. Disable Telnet on the VTY lines.
8. Enable SSH on the VTY lines.
Here are the configuration commands to configure Secure Shell on Cisco routers or switches:
router(config)# hostname R1
R1(config)# ip domain-name networkpcworld
R1(config)# username cisco password Cisco
R1(config)# crypto key generate rsa
The name for the keys will be: R1.networkpcworld
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys …[OK]
R1(config)#
*May 22 02:06:51.923: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)# ip ssh version 2
!
R1(config)# line vty 0 4
R1(config-line)# transport input none
R1(config-line)# transport input ssh
R1(config-line)#^Z
!
R1# show ip ssh
SSH Enabled – version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
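
An added example, not part of the original post: a Python check that reads the text of a saved running configuration and reports which of the steps listed above are missing, including vty lines that still accept Telnet. The two sample configurations are constructed, and the function names are this example's own.

```python
import re

# Constructed running-config fragments, not taken from a real device.
HARDENED = """\
hostname R1
ip domain-name networkpcworld
username cisco password Cisco
ip ssh version 2
line vty 0 4
 transport input ssh
"""

WEAK = """\
hostname R1
username cisco password Cisco
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""


def vty_transports(config):
    """Map each 'line vty' block to the protocols of its last 'transport input'."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("line "):
            current = line if line.startswith("line vty") else None
            if current:
                result[current] = None        # None: no transport input configured
        elif current and line.startswith("transport input"):
            result[current] = set(line.split()[2:])   # a later command overrides
        elif raw and not raw[0].isspace():
            current = None                    # left the line block
    return result


def audit_ssh(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not re.search(r"^hostname \S+", config, re.M):
        findings.append("no hostname configured")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("no domain name configured")
    if not re.search(r"^(username \S+ (password|secret) |aaa new-model)", config, re.M):
        findings.append("no client authentication method")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("SSH version 2 not enforced")
    vty = vty_transports(config)
    if not vty:
        findings.append("no vty lines found")
    for block, protos in sorted(vty.items()):
        if protos is None:
            findings.append(f"{block}: no transport input, default may allow Telnet")
        elif protos == {"none"}:
            findings.append(f"{block}: all remote access disabled, SSH not enabled")
        elif protos != {"ssh"}:
            findings.append(f"{block}: permits {' '.join(sorted(protos))}, expected ssh only")
    return findings


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_ssh(cfg) or "OK")
```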

Cisco CLI Command to Quickly List out Available Interfaces and their status

This is the Cisco CLI command which I often use when I am setting up a new Cisco device (router or switch) to quickly list the available interfaces and check whether their status is up or down. See the command and the output below

Router#show interfaces description
Interface Status           Protocol Description
Fa0/0     up                     up
Fa0/1     admin down     down
Se1/0     up                     up
Se1/0.1   up                    up
Se1/0.2   up                    up
Se1/1     admin down     down
Se1/2     admin down     down
Se1/3     admin down     down

Cisco IOS different names with different Features

Different types of Cisco IOSs with different features are available for download with different names.
Cisco IOSs can be selected and downloaded according to the features they provide. Here is a brief definition of eight different types of IOS with specific features. Choose what you need for your company by understanding the IOS name.
• IP Base
IP Base without Crypto - Entry level Cisco IOS Software image (Classic IP Data + trunking and DSL)
• IP Voice
IP Voice without Crypto, Adds VoIP, VoFR to IP Base (Adds Voice to Data)
• SP Services
Adds SSH/SSL, ATM, VoATM, MPLS, etc. to IP Voice (Adds SP Services to Voice & Data)
• Advanced Security
Adds Cisco IOS FW, IDS/IDP, NAC, SSH/SSL, IPsec VPN, etc. to IP Base (Add Security/VPN to Data)
• Enterprise Base
Enterprise Base without Crypto, Adds Enterprise Layer 3 routed protocols (AT, IPX, etc.) and IBM support to IP Base (Add Multiprotocol Services to Data)
• Enterprise Services
Enterprise Services without Crypto, Adds full IBM support, Service Provider Services to Enterprise Base (Merge Enterprise Base & SP Services)
• Advanced IP Services
Adds IPv6, Advanced Security to SP Services (Merge Advanced Security & SP Services)
• Advanced Enterprise Services
Full Cisco IOS Software (Merge Advanced IP Services & Enterprise Services)

Telnet Client is Disabled Enable it to use it from this application


This is a Cisco Network Assistant (CNA) error when you want to telnet any Cisco Devices from within CNA.

Solution to remove this error is related to Windows 7 or Windows Vista.
First of all you need to add the Telnet program from Control Panel, which by default is not added in a fresh installation of Windows 7. To add and use the Telnet program in Windows 7:
Click Start > Control Panel > Uninstall a Program > Turn Windows Features On and OFF > Scroll to TELNET and Select it > Press OK
After adding the Telnet program to Windows 7, you need to copy telnet.exe from the C:\Windows\System32 folder and paste it into C:\Windows\SysWOW64\
Now you should not get the same error.

Roundcube webmail tries to send mail from @127.0.0.1

This issue happens when you log in to your Roundcube webmail with your email ID only, without writing the full email address with the domain name, so it writes your identity in the email From box as abc@127.0.0.1
If you log out and log in again with the full user name including the domain name, i.e. abc@xyz.com, then you can see that the From address of the email you send is your correct full email address and not abc@127.0.0.1.
So you can either always log in to the webmail with the full email address, or make one change in the Roundcube configuration to add your email domain to the login ID automatically.
Go to the configuration folder of Roundcube.
I am using iRedmail with default installations on Ubuntu, so my default path is located at /opt/www/roundcube/configs/defaults.inc.php
Open this configuration file in a text editor and uncomment the following
$config['username_domain'] = '';
After uncommenting, add your email domain inside the quotes, like below
$config['username_domain'] = 'xyz.com';
After making changes, restart the apache service
$ sudo service apache2 restart (this is the Ubuntu command)
Now you should see your full email address in the From list on Roundcube webmail. Leave a comment if it worked for you

Capture Cisco CSR packets and Examine with Wireshark


As you know, Cisco's Cloud Services Router is a virtual router, either installed and configured in public clouds like Amazon Web Services (AWS) or in your private cloud hosted locally. I needed to capture and monitor the traffic on its interfaces with Wireshark. One way I found is to capture your desired traffic on any interface of the CSR, export it to your local disk and open it with Wireshark.
The following procedure can also be used to capture packets on other physical Cisco Routers running following IOS versions.
Cisco IOS Release 12.4(20)T or later
Cisco IOS-XE Release 15.2(4)S – 3.7.0 or later
Let's start capturing traffic here on the Cisco CSR.
First we specify the interface to capture the packets on;
csr#monitor capture GIG2 interface GigabitEthernet 2 both
Here GIG2 is a name of your choice for the capture in which the packets are stored, and both means to capture both inbound and outbound packets on interface GigabitEthernet 2
You can specify ipv4 or ipv6 traffic, select a protocol or even specify an ACL to capture only selected traffic with the following command;
csr#monitor capture GIG2 match ipv4 protocol tcp any any
Now we start capturing packets matching the criteria configured above
csr#monitor capture GIG2 start
The capture is now active. Allow it to collect the necessary data.
After capturing sufficient packets, stop the capture:
csr#monitor capture GIG2 stop
Now you can either examine the capture in a summary or detailed view on the CSR router itself, or export it to your local computer disk and examine it with Wireshark.
To examine the capture in a summary view:
csr#show monitor capture GIG2 buffer brief
Examine the capture in a detailed view:
csr#show monitor capture GIG2 buffer detailed
Export the capture in PCAP format for further analysis:
csr#monitor capture GIG2 export tftp://10.0.1.11/GIG2.pcap
Once the necessary data has been collected, and exported to tftp server, remove the capture:
csr#no monitor capture GIG2


Error Establishing A Database Connection WordPress CentOS

I am a novice with WordPress, but I maintain an Apache web server on CentOS 6.5 and a WordPress website.
Surprisingly it was not a database issue, but a DDoS attack!!!
After googling a lot related to MySQL database, I started monitoring my web server and found its CPU usage was becoming 100% because of a lot of Apache processes, and after some time my server became unresponsive!!!

What I did…
Blocked HTTP access from 0.0.0.0/0
Allowed HTTP access to only my network Public IP.
Restarted the Server and found it was working like a charm.

I again allowed access to 0.0.0.0/0 and it again became unresponsive and the CPU utilization was 100% or sometimes with “Error Establishing A Database Connection”

My next step was obviously to look at which public IP is bombarding http requests to my Server.

To check http access logs, use the following command
cat /var/log/httpd/access_log

My CentOS server is hosted on Amazon Web Services, so there is no provision to block any single IP address with AWS security group, I had to block this culprit IP on the CentOS itself.

Here is the command to block the IP on CentOS Linux with its native firewall
sudo iptables -I INPUT -s x.x.x.x/32 -j DROP

After adding your rules you’ll need to save them, and ensure the iptables service starts at boot.
sudo sh -c "iptables-save > /etc/sysconfig/iptables"
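
An added example, not from the original post: rather than reading access_log by eye, this Python script counts requests per client IP per minute and prints a DROP rule in the form used above for each source over a limit. The log lines, addresses and the limit of 20 are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# client IP, then the [timestamp] field of an Apache access_log line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

# Constructed sample: 40 requests in one minute from one address, light
# traffic from another, and one malformed line that must be skipped.
SAMPLE = [
    f'203.0.113.50 - - [12/Mar/2016:10:15:{s:02d} +0000] "GET / HTTP/1.1" 200 5120'
    for s in range(40)
] + [
    '198.51.100.7 - - [12/Mar/2016:10:15:03 +0000] "GET / HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2016:10:16:41 +0000] "GET /about HTTP/1.1" 200 2048',
    'not-an-ip; garbage line',
]


def requests_per_minute(lines):
    """Count requests keyed by (client IP, minute)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                      # hostname or junk in the client field
        minute = m.group(2).rsplit(":", 1)[0]     # drop seconds and timezone
        counts[(str(ip), minute)] += 1
    return counts


def noisy_sources(lines, limit):
    """Return {ip: peak requests in any one minute} for IPs above the limit."""
    peak = {}
    for (ip, _minute), n in requests_per_minute(lines).items():
        peak[ip] = max(peak.get(ip, 0), n)
    return {ip: n for ip, n in peak.items() if n > limit}


def drop_rules(ips):
    """Build one DROP rule per address; only validated addresses reach the rule."""
    rules = []
    for ip in sorted(ips):
        addr = ipaddress.ip_address(ip)
        tool, mask = ("iptables", 32) if addr.version == 4 else ("ip6tables", 128)
        rules.append(f"{tool} -I INPUT -s {addr}/{mask} -j DROP")
    return rules


if __name__ == "__main__":
    offenders = noisy_sources(SAMPLE, limit=20)
    print(offenders)
    print("\n".join(drop_rules(offenders)))
```

To run it against the real log, pass the lines of /var/log/httpd/access_log to noisy_sources instead of SAMPLE.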

Steps to install RAM and NIC Cisco UCS Server

It is always very easy to install additional hardware components in Cisco UCS blade or rack servers in a non-production environment. If you have to add something to a Cisco UCS blade or rack server in your company's data center or in a customer's production environment, you are given a small time window to perform your activity and return the server or compute infrastructure to production. In this case you have to put in extra effort and create a method of procedure (MOP) to avoid any delays and surprises during your Change Request (CR) window and complete the task before the end of the CR window.
I am writing this post to save your time if you are going to install additional hardware components, e.g. memory (RAM/DIMM), network interface cards (NICs or VICs), hard drives etc. You have to plan it well, otherwise you may get stuck with troubleshooting and run out of time in the CR window.
Before installing the new hardware components, make sure the new hardware is compatible with your blade/rack server, is supported by your current UCS firmware version, and that there are no open bugs for that new hardware component in the installed UCS firmware version.
After confirming above points, follow below steps to install new hardware.
  1. Dissociate service profile from Server
  2. Decommission the same server
  3. In case of  rack server, remove the power cords from Server and all fibre/copper network connections
  4. Pull out the Server and open the top cover
  5. Install new hardware components
  6. Put back the server in the same slot, if blade.
  7. Re-commission the Server
  8. Associate same Service profile to the server.

How to add Python Path in Windows Environment Variables

I got to do this when I need to migrate my customer's Nexus 1000v to the VMWare vDS. Go through the migration documents, first step is to install Python and add the python to the Windows Environment Variable.

Python version is 2.7.
My Windows Version = Windows Server 2008 R2 Enterprise

To add Python to the Windows environment variables and then start Python from the command prompt:
  1. Go to Control Panel>System and Security>System.
  2. Select Advanced system settings.
  3. Select Environment Variables as shown in following figure.
  4. Under system variable, Click New
  5. Add first variable as 
    1. Variable Name = PATH
    2. Variable Value = C:\Python27;%PATH%
  6. Add second variable as
    1. Variable Name = PYTHONPATH
    2. Variable Value = %PYTHONPATH%;C:\Python27
Click OK to save newly added two variables, open command prompt window and type python and you should be on the Python prompt. 



vDS operation failed on host xxxxxxx.domainname, got (vmodl.fault.SystemError) exception

This error occurs repeatedly while adding ESXi host to the Nexus 1000v. The problem seems with the VMWare Update Manager (VUM) that it doesn't initiate the required VEM module for the installation on the ESXi host we are adding to the Nexus 1000v.

I solved my problem by manually installing the .vib file on the ESXi host. And here are the steps to follow.

Go to the Nexus 1000v through web browser

You get a list of links to download files; download your required .vib file from there. For me it was Cisco_bootbank_cisco-vem-v340-esx_5.2.1.3.2.8.0-6.0.1.vib

Upload that vib file to the ESXi host with WinSCP, say in the /tmp folder

Run the following command to install the .vib file, i.e. the VEM module.

esxcli software vib install -v /tmp/Cisco_bootbank_cisco-vem-v340-esx_5.2.1.3.2.8.0-6.0.1.vib

After the .vib file has been installed successfully, add the ESXi host to the Nexus 1000v.

Unable to See and add new ESXi hosts in Nexus 1000v


After the VMWare upgrade from 5.x to 6.x and the Nexus 1000v upgrade from 4.2 to 5.2, you are unable to add new hosts into the Nexus 1000v distributed switch, although the older hosts are seen added to the N1Kv distributed switch and running fine without any issues.

This happens because Nexus 1000v has no knowledge of new versions of vCenter Server in its Postgres database.

You have to manually add the new version in the vCenter database to support the new version.

First you need to log in to the VCDB on the command line, and for that you need to find the userID and password.

To get the userID and password, open C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\vcdb.properties

vcdb.properties file contents should look like this

driver = org.postgresql.Driver
dbtype = PostgreSQL
url = jdbc:postgresql://localhost:5432/VCDB
username = vc
password = {FNr2Aad>ws8Xo<Q
password.encrypted = false

Grab the username and password (default userID happened to be "vc" and the password

To add the new version

Go to this path at the DOS prompt
C:\Program Files\VMware\vCenter Server\vPostgres\bin\

Run Command
C:\Program Files\VMware\vCenter Server\vPostgres\bin>psql -U vc VCDB
Enter the password as found above in the file at C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\vcdb.properties
Password for user vc:

Show database
SELECT * FROM VPX_DVS_COMPATIBLE;

Insert the new version into the database with the following command
insert into VPX_DVS_COMPATIBLE VALUES
(42,'esx','6.0+'),
(42,'embeddedEsx','6.0+');

Here 42 is the device ID and can be seen in the first column of the output of command
SELECT * FROM VPX_DVS_COMPATIBLE;

Show the database again; it should now list the support for vCenter 6.0+ version.

Show database
SELECT * FROM VPX_DVS_COMPATIBLE;

You should see the New vCenter version has been added to the database.

Exit the Database command prompt by typing \q

Restart the vCenter Server and add the hosts to Nexus 1000v normally.

Reset multiple User passwords in iRedmail with Python Script

I just found a built-in Python script for resetting the passwords of multiple mail users in one go. This Python script came with the installation of iRedmail.
You can find the Python script at this path

/var/www/iredadmin/tools/update_password_with_csv.py

All you have to do is create a CSV file in Excel and put the username+domain and the password in plain text, as shown below

postmaster@networkpcworld.com 12345678

Put the password in same cell with space and DO NOT put the password in another cell, otherwise the script wouldn't run. 

Save the CSV file with any name, here we put the name as new_passwords.csv 

Now upload the CSV to the iRedmail server at the same path, /var/www/iredadmin/tools/

Run the Python script with the uploaded file using the command below.

python /var/www/iredadmin/tools/update_password_with_csv.py new_passwords.csv

You have successfully reset the password for all required email user account.