Reserving a statically assigned IP address for a device’s MAC address

There are instances, fairly common in medical environments and facilities, where you can’t dynamically assign an IP address to a device for security or other reasons. For most of these devices, you have to ask the vendor to hard-code the IP before shipping to the customer.

So if you have Cisco routers onsite that also function as the DHCP server, it is essential that they can reserve these IPs for particular devices via their MAC address.

In this simple how-to, I will show you how to hard-code IPs to network devices using their MAC address. Make sure you exclude the IPs that you are reserving with the excluded-address command, set up your DHCP pool, then set up a static pool for each device. Don’t forget to label them for future troubleshooting.

Scenario: I have three devices, a printer, a PC and a medical device (maybe a CAT scanner) that needs to send info via the network.

ip dhcp excluded-address 192.168.1.202 192.168.1.203
ip dhcp excluded-address 192.168.1.50
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool sdm-pool
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
!
ip dhcp pool static1
 host 192.168.1.50 255.255.255.0
 client-identifier 00.26.73.75.8d.66
 client-name COMPANY_PRINTER
!
ip dhcp pool static2
 host 192.168.1.202 255.255.255.0
 client-identifier 00.21.9B.66.30.09
 client-name COMPANY_SERVER
!
ip dhcp pool static3
 host 192.168.1.203 255.255.255.0
 client-identifier 00.00.74.F0.77.E1
 client-name MEDICAL_DEVICE
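The steps above (exclude, dynamic pool, one labelled static pool per device) as a small generator that checks the inventory for duplicate or out-of-subnet entries before emitting any config. This is an added example, not part of the original post; the function names are my own, and it writes the client identifier in the form Cisco documents for Ethernet clients (media type 01 followed by the MAC, e.g. 01b7.0813.8811.66), which differs from the byte-dotted form in the listing.

```python
import ipaddress
import re

# The three devices from the listing above: (label, MAC, reserved IP).
DEVICES = [
    ("COMPANY_PRINTER", "00.26.73.75.8d.66", "192.168.1.50"),
    ("COMPANY_SERVER", "00.21.9B.66.30.09", "192.168.1.202"),
    ("MEDICAL_DEVICE", "00.00.74.F0.77.E1", "192.168.1.203"),
]

def cisco_client_id(mac):
    """01 (Ethernet media type) + MAC as dotted hex, e.g. 0100.2673.758d.66."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    ident = "01" + digits
    return ".".join(ident[i:i + 4] for i in range(0, len(ident), 4))

def build_config(network, gateway, devices, pool="sdm-pool"):
    """Validate the inventory, then return the IOS DHCP configuration lines."""
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway)
    used_ips, used_ids = {gw}, set()
    excludes, static_pools = [f"ip dhcp excluded-address {gw}"], []
    for n, (label, mac, ip) in enumerate(devices, start=1):
        addr, cid = ipaddress.ip_address(ip), cisco_client_id(mac)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{label}: {addr} is not a usable host in {net}")
        if addr in used_ips or cid in used_ids:
            raise ValueError(f"{label}: duplicate IP or MAC in inventory")
        if not re.fullmatch(r"[A-Za-z0-9_-]+", label):
            raise ValueError(f"label {label!r} must be a single token")
        used_ips.add(addr)
        used_ids.add(cid)
        excludes.append(f"ip dhcp excluded-address {addr}")
        static_pools += ["!", f"ip dhcp pool static{n}",
                         f" host {addr} {net.netmask}",
                         f" client-identifier {cid}",
                         f" client-name {label}"]
    dynamic = ["!", f"ip dhcp pool {pool}", " import all",
               f" network {net.network_address} {net.netmask}",
               f" default-router {gw}"]
    return excludes + dynamic + static_pools

if __name__ == "__main__":
    print("\n".join(build_config("192.168.1.0/24", "192.168.1.254", DEVICES)))
```
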


Playing with the new OOB and stacking up Cisco/Brocade gear


It has been challenging getting a how-to blog written, as I have been flogged with work. I haven’t even been able to find the time in the last 2 weeks to study for both Brocade and Cisco. I have a couple of how-tos lined up once I get the chance, and one of them is with regards to Opengear.

I was able to test and configure this bad boy this week as we are in the process of replacing all our ancient 2511 OoBs with this one. It is so sexy, with neat features such as dual LAN access, 3G capability and Wi-Fi.

Aside from getting to play with Opengear, I get to put together a couple of Cisco ASRs, MEs and Brocades on the tech bench in preparation to deploy them to one of our POPs. This week I have set up the Brocade ICX switches in a stack for robust redundancy.

To sum it all up…fun times.

Mid-week slack

For the last couple of days I have been slack with my studies. I have been smashed at work with so many tickets and so much provisioning work that I don’t even have enough energy to look at any notes. Every single day I drive at least an hour to and from work. Two hours a day that I could have spent studying. There are days where I would just play a podcast from Packet Pushers or CBT to keep me up to date, but I really can’t focus too much as I am driving.

Iain, one of our contacts from Brocade, has asked if I have taken my BCNE yet. I told him I just took my CCDA and will hopefully sit the exam in three weeks.

Speaking of Packet Pushers, I discovered Ethan Banks’s blog site, which chronicled his CCIE journey. It was actually reading one of his blog posts today that compelled me to put in something for tonight.

Work may have been horrible for the last couple of days (more like sucked badly) but it’s not an excuse to take my eyes off the prize. It’s like going to the gym (I know it’s a bad example as I don’t go to one): you just have to push on, whatever it takes.

—–

Nothing really exciting, just having to deal with mostly ADSL issues. Australia should just stop using ADSL and have a law making it illegal to use it. It is just a horrible service. Too sensitive, too clunky, too hard to troubleshoot and it just sucks. Unfortunately, according to a news article I read recently, the USA and China are the top 2 countries that are still using the technology. It is still far better than satellite, which is another technology that should be banned from being used. When I was living in the US, I tried satellite internet and it was the worst ever. It is so sensitive to weather.

—–

It gets my blood pumping whenever I get to provision complicated networks, not really complicated but more than your typical internet connection. Anything with redundancy, fail-over, HSRP, you get the drift. Anything that would have a chance to completely take the service down if I screw up :) I got a couple this week, but the rest of the week I was stuck with ADSL.

BCNE is next…


There is something about the Brocades that attracts me to them. Many people think that Juniper is Cisco’s closest competitor in the networking arena; it’s actually this company here. Back in 2010, Brocade certs used to be ranked as the number 1 cert to have because they were so sought after.

Lucas Arts, San Diego’s 911 and major universities in the United States have Brocades in their core network. Telecoms in Australia such as Telstra, Vocus and AAPT have Brocades mixed in with their Ciscos. Where I work, we have the Brocade 6610s running as our top-of-rack switches in our core infrastructure, delivering 10Gb bandwidth.

Brocade is more known for its storage capabilities and they make a lot of money out of it. Money that they are now funnelling to their Vyatta vRouter product line. Enough to convince me to go for their certs. I already have their Brocade Certified vRouter Engineer cert; it’s time to get the Brocade Certified Network Engineer cert, which is almost equivalent to Cisco’s CCNA R&S.

Brocade was nice enough to offer to reimburse my exam if I pass it. I have not booked the exam yet but will in a few days. Just letting the workload settle down.

NAT + Route-map


Interesting scenario: Company A’s router needs to allow hosts in the public range 203.1.1.0/24 to access 2 servers on the LAN, 192.168.1.2 and 192.168.1.3, via port 9101.

Your typical static NAT would not work here, nor would dynamic NAT, and definitely not PAT (NAT overload). So what I did was create a route-map that matches an extended access-list permitting only the public range on TCP 9101. Then I did a static NAT to each server within the LAN, using the route-map as the allowed external source.

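ip access-list extended NAT
 10 permit tcp 203.1.1.0 0.0.0.255 any eq 9101
!
route-map NAT permit 10
 match ip address NAT
!
! Static NAT needs a global (public) address for each server. The post does not
! give them, so <PUBLIC_IP_1> and <PUBLIC_IP_2> are placeholders.
ip nat inside source static 192.168.1.2 <PUBLIC_IP_1> route-map NAT
ip nat inside source static 192.168.1.3 <PUBLIC_IP_2> route-map NAT
!
! WAN interface
interface g0/0
 ip nat outside
! LAN interface
interface g0/1
 ip nat inside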
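To confirm what the access-list entry above admits before it goes on a router, here is an offline check of its wildcard-mask matching against a few flows. It is an added example, not part of the original post: the function names and sample flows are constructed, and it models only the single ACL entry form used above (with the implicit deny at the end), not IOS NAT processing.

```python
import ipaddress

# The ACL entry from the configuration above.
ACL_NAT = ["10 permit tcp 203.1.1.0 0.0.0.255 any eq 9101"]

# Constructed sample flows: (source IP, destination TCP port).
FLOWS = [("203.1.1.25", 9101), ("203.1.1.25", 22),
         ("203.1.2.25", 9101), ("198.51.100.7", 9101)]

def parse_entry(line):
    """Parse '[seq] permit|deny tcp <src> <wildcard> any eq <port>' only."""
    tok = line.split()
    if tok and tok[0].isdigit():
        tok = tok[1:]  # drop the sequence number
    if len(tok) != 7:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    action, proto, src, wildcard, dst, op, port = tok
    if action not in ("permit", "deny") or (proto, dst, op) != ("tcp", "any", "eq"):
        raise ValueError(f"unsupported ACL entry: {line!r}")
    return {"action": action,
            "src": int(ipaddress.IPv4Address(src)),
            "wildcard": int(ipaddress.IPv4Address(wildcard)),
            "port": int(port)}

def entry_matches(entry, src_ip, dst_port):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~entry["wildcard"] & 0xFFFFFFFF
    same_net = (int(ipaddress.IPv4Address(src_ip)) & care) == (entry["src"] & care)
    return same_net and dst_port == entry["port"]

def acl_decision(acl_lines, src_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry_matches(entry, src_ip, dst_port):
            return entry["action"]
    return "deny"

def audit(acl_lines=ACL_NAT, flows=FLOWS):
    """Return {(src, port): 'permit' | 'deny'} for each sample flow."""
    return {flow: acl_decision(acl_lines, *flow) for flow in flows}

if __name__ == "__main__":
    for (src, port), verdict in audit().items():
        print(f"{src:>15} -> tcp/{port:<5} {verdict}")
```
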

CloudPBX demo, revisiting QoS and my server

Yesterday I had the opportunity to sit in a room together with the company’s big guys to check out the CloudPBX system we are about to roll out as one of our services. If what they are saying is true, they are the first Australian-owned CloudPBX solution available in the market today.

The company is Bicom Systems; they demonstrated a multi-tenant CloudPBX system that supports a number of features. I spent a few minutes this morning checking out their website and they happen to have an online demo of their product. I plan to have more time to play around with it in the next couple of days.

Playing with the idea of doing a how-to blog, once I get more familiar with the tech.

—-

I am supposed to start on my next exam, the Brocade Certified Network Engineer (BCNE). I got sidetracked with studying QoS and Cisco VoIP stuff up until this evening. Completely understood some of the detailed concepts of CoS, ToS, DSCP and trust boundaries, how AFxx translates to binary and how to configure them on the router.

I felt I needed to revisit them as I had a question on my queue this week asking about how to prioritize SMB traffic over their MPLS network. I had to consult with my senior engineers for an answer, only to find out it was no different to how we treat voice and video QoS.

I also discovered you can do QoS labs on Packet Tracer but won’t be able to use DSCP marking, which would have been amazing. You will be limited to using IP precedence 0-7. At least it is there for simple QoS labs and stuff.


—–

I am still contemplating getting a decent server for my studies. Torn between getting a rack-mounted server or just your typical PC with gaming components to handle my computing requirements, especially if I intend to run GNS3, ESXi etc., enough to run labs for the CCIE.

CCDA achieved!!!


This afternoon I took my CCDA exam and passed. The score I got was not as amazing as what I got from my BCvRE exam but hey…this is Cisco, it is not meant to be easy. The rumours are true, there are a lot of drag and drops, which almost made me believe I would fail the exam.

As I previously mentioned in my earlier blogs, CCDA gives you a 10,000-foot view of everything Cisco from a network design perspective. It did not cover ACI, Cisco’s SDN technology, which I believe will be encountered once I start studying for the ARCH exam to achieve my CCDP. Most of the questions were all right as my training in CCNP R&S and work experience helped a lot.

Thanks to Anthony Sequeira of CBT Nuggets. It may not have covered everything, but watching training videos for me is always a good jumping board, then off to the books when going deep into the topics.

What’s next, going back to Brocade’s BCNE.

PS: I read a blog about the Wireshark Certified Network Analyst (WCNA) exam…pretty cool to have as a skill set…