I use Kagi as my search engine and for LLM interactions. I am also always connected to ProtonVPN. I and others have noticed that the output from their LLM Assistant is cut off after a couple of seconds when on ProtonVPN. Why does that happen and what can we do about it?| Relentless Coding
VLANs have stumped me for the longest time. They are a requirement for network segmentation, but couldn’t you also achieve that by subnetting? What is the relationship between a VLAN and a subnet? Are they the same thing? In this post, I attempt to answer these and some other questions. The LAN A LAN is a layer-2 broadcast segment. That means that layer-2 devices, such as switches, will flood broadcasts, unknown multicasts and multicasts (BUM) out of every interface except the one they received ...| Relentless Coding
I previously discussed the plain-old Spanning Tree Protocol (STP). In this post, I will look at the differences introduced by its successor, the Rapid Spanning Tree Protocol (RSTP). The Case for RSTP STP required 50 seconds to get a port in forwarding state: it waits 20 seconds for the MaxAge (by default 10 times the value of the Hello Timer) timer to expire. At that point, it knows it has to change the topology. It will spend the Forward Delay in a listening state (15 seconds by default) and then...| Relentless Coding
Let’s have a look at what happens when we plug some MikroTik devices into a Cisco switch and string them together in a loop topology. What happens when RSTP and RPVST+ need to work together? Do we get a broadcast storm? Why (not)?| Relentless Coding
Let’s have a look at what Cisco OS gets booted at startup and how we can influence that decision using the configuration register. The configuration register is a 2-byte field, represented as 4 hex digits, that you can set with the config-register global configuration command. The last nibble of the register is called the boot field. This is the logic it uses: If boot field = 0, use the ROMMON OS. If boot field = 1, load the first IOS file found in flash memory. If boot field = 2-F: Try each b...| Relentless Coding
Let’s have a look at QoS or how to unfairly manage traffic in the face of congestion on Cisco devices. What Is QoS and Why Do We Need It? QoS is concerned with 4 characteristics of network traffic: bandwidth (capacity of a link), delay (between sending a packet and the recipient receiving it, or RTT), variation in delay (jitter), and packet loss. QoS comes into play when the network is not able to process every packet as soon as it is received, which is almost always. Think of a gigabit data stream comin...| Relentless Coding
What follows is basically a summary of what I have learned about OSPF during my CCNA studies.| Relentless Coding
If you have a Cisco AP that has CAP in the model, you have a so-called lightweight AP that is supposed to be controlled by a wireless controller (WLC). I was able to convert my AIR-CAP2602E-E-K9 to autonomous mode by loading different firmware. This post discusses how to do that.| Relentless Coding
Let’s look at several ways to route between VLANs in the Cisco world. Router on a Stick (ROAS) A router is connected to a switch. If separate VLANs on separate IP subnets want to talk to each other, they have to go through the router. The router has a VLAN trunk to the switch. The router itself needs an IP address in every VLAN it routes. These IP addresses are the default routes for the end hosts. On the router, you create subinterfaces by putting a .<n> after the interface type and number, wh...| Relentless Coding
Let’s have a look at how we can use redundant layer-2 links between 2 Cisco devices. Benefits of Using EtherChannel A layer-2 EtherChannel aggregates up to 8 links. This provides redundancy, because 1 of the links can fail or go down, and traffic will still flow over the other links. It also provides greater bandwidth, which is especially important over a trunk link, such as in a Router-on-a-Stick (ROAS) configuration. Without an EtherChannel, the redundant links would still work and, in case o...| Relentless Coding
Let’s look at how to automatically get an IP address assigned on an interface on a Cisco device. This could not be simpler.| Relentless Coding
Let’s have a look at how Cisco IOS handles authentication and how passwords are stored in the configuration file. Disable Cleartext Passwords in the Configuration File Let’s say I set the “front-door password” for console access that would put the user in user EXEC mode: ISR4321# conf t ISR4321(config)# line console 0 ISR4321(config-line)# password foobarbaz ISR4321(config-line)# login ISR4321(config-line)# ^Z ISR4321# sh run | b line line con 0 ! line aux 0 ! line vty 0 4 password foobarbaz login li...| Relentless Coding
Let’s take a look at how to set the clock on a Cisco device. Display the Current Time ISR4321> show clock 13:11:59.001 UTC Sun Mar 2 2025 Manually Set the Time ISR4321# clock set 13:08:10 2 March 2025 Configure NTP ISR4321(config)# ntp server 192.168.88.1 Set timezone and DST: ISR4321# conf t ISR4321(config)# clock timezone CET +1 ISR4321(config)# clock summer-time CEST recurring last Sunday March 02:00 last Sunday October 03:00 ISR4321(config)# end After recurring, you can indicate when DST ti...| Relentless Coding
My ISR4321 was not remembering its config on startup even though I was sure to write memory after making config changes. Turns out, the configuration registry was not set correctly. This post looks at what this registry contains and how to make sure it will load the stored config on bootup. In my case, the registry value was set to 0x9922. Here is an overview of what all the different bits mean. When breaking it down: 0x8000 => enables diagnostic messages, ignores NVRAM contents 0x1000 => console ...| Relentless Coding
You can generate a self-signed certificate on Cisco IOS. If that fails, you can generate one on another machine and import it. Let IOS Generate a Self-Signed Certificate First, we create a CA: ISR4321# conf t ISR4321(config)# crypto pki trustpoint mytp ISR4321(ca-trustpoint)# enrollment selfsigned ISR4321(ca-trustpoint)# fqdn isr4300.test ISR4321(ca-trustpoint)# ip-address 192.168.88.254 ISR4321(ca-trustpoint)# subject-alt-name isr4300.test ISR4321(ca-trustpoint)# hash sha256 Now, we can create a se...| Relentless Coding
While connecting to a Cisco device out-of-band (i.e. not using IP) using a serial connection is the most secure way to configure the device, we also need to be able to connect over the network. Telnet works, but is not secure. So we need SSH. This post looks at how to set up SSH with username and password on a Cisco device, how to use public-key certificates as a best practice to authenticate and how to disable SSH altogether if it is not needed. Cisco, of course, has pages upon pages of discussi...| Relentless Coding
If you want to connect to a networking device from Cisco or MikroTik, you get out-of-band access to the device over a serial console port. minicom is one of several programs that can be used to talk to these devices over a serial connection. [A serial console port] enables administration of a machine even if it has no keyboard, mouse, monitor, or network attached to it. Read Arch Linux wiki on working with the serial console. Edit Configuration To set up minicom enter: $ minicom -s minicom can on...| Relentless Coding
You can configure Cisco’s IOS to remember IP addresses for hosts, without having to resort to a DNS lookup. Very much indeed like adding an entry to your /etc/hosts file. Router(config)# ip host example.invalid 192.168.1.1 Router(config)# end Router# sh host Default Domain is example.invalid Name/address lookup uses domain service Name servers are 255.255.255.255 Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate temp - temporary, perm - permanent NA - Not Applicable None - Not defined Host ...| Relentless Coding
Another one of those Cisco IOS gotchas: when mistyping a command, you have to wait a minute before you get back a prompt. How to get back your prompt right away? To beginners with fat fingers like me, this happens all the time: Router> foo Translating "foo"...domain server (255.255.255.255) IOS interprets this as a hostname to Telnet into. It will make you wait a minute before you can continue: If the router has no DNS servers configured, another IOS default causes the router to broadcast on the c...| Relentless Coding
Let’s have a quick look at how to keep Cisco IOS from interfering with your prompt. Improve Annoying Console Logging I have set logging console to notifications or lower. Now, when exiting global configuration mode with ^Z or end and immediately starting to type another command such as sh run: ISR4321(config-line)#end ISR4321#*Mar 9 09:27:18.751: %SYS-5-CONFIG_I: Configured from console by console sh run The logging interferes with what I am typing. Nothing too bad, I can type ^L to quickly get ...| Relentless Coding
In this post, we will have a look at the venerable Spanning Tree Protocol (STP), what it is used for, and how to configure and verify it on Cisco IOS and MikroTik.| Relentless Coding