IP Access list. Deny ICMP

L3-AE-IOU1(config)#do sh run
Building configuration...

Current configuration : 1967 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname L3-AE-IOU1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!        
!
!
!
interface Ethernet0/0
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/2
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 shutdown
 duplex auto
!        
interface Ethernet1/1
 shutdown
 duplex auto
!
interface Ethernet1/2
 shutdown
 duplex auto
!
interface Ethernet1/3
 shutdown
 duplex auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 ip address 10.0.32.1 255.255.255.0
!
interface Vlan10
 ip address 10.0.33.1 255.255.255.0
 ip access-group 100 in
!
!
no ip http server
!
ip route 0.0.0.0 0.0.0.0 10.0.32.20
!
access-list 100 deny   icmp host 10.0.33.37 any
access-list 100 permit ip any any
!
!
!        
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

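The above config blocks PC2 from sending any ping in the given diagram: ACL 100, applied inbound on interface Vlan10, denies all ICMP from host 10.0.33.37 and permits everything else.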
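How the two `access-list 100` lines decide a packet, as an added example (not part of the original post): a small first-match evaluator with Cisco wildcard-mask semantics and the implicit deny at the end. The test packets and the function names are constructed for illustration.

```python
import ipaddress

# The two ACL 100 entries, copied from the running config above.
ACL_100 = """\
access-list 100 deny   icmp host 10.0.33.37 any
access-list 100 permit ip any any
"""

def parse_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF              # every bit is "don't care"
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list <n> <action> <proto> <src> <dst>' lines, in order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = parse_addr(rest)
        dst = parse_addr(rest)
        entries.append((action, proto, src, dst))
    return entries

def addr_matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF         # wildcard bit 1 = ignore, 0 = must match
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, proto, src, dst):
    """Return the action of the first matching entry; no match = implicit deny."""
    for action, acl_proto, src_spec, dst_spec in entries:
        if acl_proto not in ("ip", proto):    # 'ip' matches every IP protocol
            continue
        if addr_matches(src, src_spec) and addr_matches(dst, dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    # Constructed test packets arriving inbound on Vlan10.
    for proto, src, dst in [("icmp", "10.0.33.37", "10.0.32.20"),
                            ("tcp",  "10.0.33.37", "10.0.32.20"),
                            ("icmp", "10.0.33.38", "10.0.32.20")]:
        print(proto, src, "->", dst, ":", evaluate(acl, proto, src, dst))
```

The deny entry carries no ICMP type, so it also drops echo replies sent by 10.0.33.37: pings aimed at that host from other subnets fail as well.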

Adding multiple IP addresses to a single interface in Cisco Router

interface Vlan10
 ip address 10.0.33.1 255.255.255.0 secondary
 ip address 10.0.34.1 255.255.255.0


VLAN Routing


L3-AE-IOU1#sh run
Building configuration...

Current configuration : 1923 bytes
!
! Last configuration change at 12:42:13 UTC Wed Oct 25 2017
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname L3-AE-IOU1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!      
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!      
!
!
!
!
!
interface Ethernet0/0
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/2
 switchport access vlan 10
 switchport mode access
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 shutdown
 duplex auto
!
interface Ethernet1/1
 shutdown
 duplex auto
!
interface Ethernet1/2
 shutdown
 duplex auto
!
interface Ethernet1/3
 shutdown
 duplex auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 ip address 10.0.32.1 255.255.255.0
!
interface Vlan10
 ip address 10.0.33.1 255.255.255.0
!
!
no ip http server
!
ip route 0.0.0.0 0.0.0.0 10.0.32.20
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

L3-AE-IOU1#

Router Config:

/ip address
add address=10.0.32.20/24 interface=ether1 network=10.0.32.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 dst-address=10.0.33.0/24 gateway=10.0.32.1

How to connect to GNS3 from Local Windows System?

This article also tries to answer the following questions:
1. How to connect to remote topology running on GNS3 VM?
2. How to access Mikrotik Routers running inside GNS3 VM from Local System using Winbox?

=> Steps to follow:
1. Install OpenVPN Tap driver. Download and Install the OpenVPN Client.
2. Check the following:
By default the connection shows as Unplugged. See TAP #1 in the given snap: it's up. You need an UP interface. To bring the connection up, do the following:

Open Properties > Advanced and change the following:

And you are done. Now to connect to Remote Topology running on GNS3 VM do the following shown in the snap:


And that's all.

Using a "Microsoft Loopback Adapter" also accomplishes the same thing.

How to remove the Suspend option from Ubuntu Desktop?

Edit the following file with root privileges:
sudo gedit /usr/share/polkit-1/actions/org.freedesktop.login1.policy

Search for each of the following action ids:
org.freedesktop.login1.suspend
org.freedesktop.login1.suspend-multiple-sessions
org.freedesktop.login1.suspend-ignore-inhibit

For each of the above action ids, scroll down to its <defaults> block and change every value from yes (or whatever it is set to) to no:
    <defaults>
         <allow_any>no</allow_any>
         <allow_inactive>no</allow_inactive>
         <allow_active>no</allow_active>
    </defaults>
Save the file and reboot.
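A check for the edit above, as an added example that is not part of the original post: it parses the policy XML and reports every suspend action whose defaults are not all `no`. The sample policy text is constructed (first action edited, second untouched, third absent) and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

SUSPEND_ACTIONS = (
    "org.freedesktop.login1.suspend",
    "org.freedesktop.login1.suspend-multiple-sessions",
    "org.freedesktop.login1.suspend-ignore-inhibit",
)
DEFAULT_KEYS = ("allow_any", "allow_inactive", "allow_active")

# Constructed sample in the layout of a polkit .policy file,
# not a copy of the real org.freedesktop.login1.policy.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.login1.suspend">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>no</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.login1.suspend-multiple-sessions">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

def suspend_still_allowed(policy_xml):
    """Return {action_id: {key: value}} for each suspend default that is not 'no'."""
    root = ET.fromstring(policy_xml)
    actions = {a.get("id"): a for a in root.iter("action")}
    findings = {}
    for action_id in SUSPEND_ACTIONS:
        action = actions.get(action_id)
        if action is None:
            # Action id not present in this file at all: report it separately.
            findings[action_id] = {"action": "missing"}
            continue
        defaults = action.find("defaults")
        bad = {}
        for key in DEFAULT_KEYS:
            node = defaults.find(key) if defaults is not None else None
            value = node.text.strip() if node is not None and node.text else "(unset)"
            if value != "no":
                bad[key] = value
        if bad:
            findings[action_id] = bad
    return findings

if __name__ == "__main__":
    for action_id, problems in suspend_still_allowed(SAMPLE_POLICY).items():
        print(action_id, problems)
```

To check the real file, pass the contents of /usr/share/polkit-1/actions/org.freedesktop.login1.policy instead of the sample. A package upgrade can overwrite files under /usr/share, so run the check again after updates.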

Following are the snaps depicting the whole process and before and after Results:



Huawei Router Basics

Set up multiple IP Addresses to a single interface:

[R1-Ethernet0/0/0]ip address 10.0.0.5 30
[R1-Ethernet0/0/0]ip address 10.0.0.1 30 sub

The "sub" at the end is vital for this; otherwise the second IP address will replace the first one when entered.

Setting up a Banner at Login Prompt:
[R1]header ?
  login  Specify the login authentication banner
  shell  Specify the start banner of session

[R1]header login information "All activities are Logged and Reported"

To setup a Welcome Message do the following from system-view:
[R1]header shell information "Don't fuck the Router!"



=> Full Configuration of a Huawei Router:
[R1]display current-configuration
[V200R003C00]
#
 sysname R1
 header shell information "Dont fuck Me!"
 header login information "All activities are Logged and Reported"
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface Ethernet0/0/0
 undo portswitch
 ip address 10.0.0.5 255.255.255.252
 ip address 10.0.0.1 255.255.255.252 sub
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface NULL0
#
user-interface con 0
 authentication-mode password
 set authentication password cipher %$%$K:.D5\N-`HV3!!QH)FWM,#@yXUz6WS!/BL74f'~K
)]CE#@|,%$%$
 idle-timeout 20 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

Web Filtering solution for Network Administrators

Following are some of the options to filter ads and unnecessary garbage:
1. Filtering Proxy [Privoxy]
2. DNS [Bind Loopback Zone]
3. Browser Addons.
4. Filtering Gateways

Setting up Console Password in Huawei Router.

Following is the snippet to set Console Password:

<Huawei>system
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]user-in
[Huawei]user-interface con
[Huawei]user-interface console ?
  INTEGER<0-0>  The first user terminal interface to be configured
[Huawei]user-interface console 0
[Huawei-ui-console0]auth
[Huawei-ui-console0]authentication-mode pass
[Huawei-ui-console0]authentication-mode password ?
  <cr>  Please press ENTER to execute command
[Huawei-ui-console0]authentication-mode password
Please configure the login password (maximum length 16):5
[Huawei-ui-console0]set auth
[Huawei-ui-console0]set authentication ?
  password  Set the password for a user interface
[Huawei-ui-console0]set authentication pas
[Huawei-ui-console0]set authentication password cip
[Huawei-ui-console0]set authentication password cipher soham
[Huawei-ui-console0]display this
[V200R003C00]
#
user-interface con 0
 authentication-mode password
 set authentication password cipher %$%$/Dm-2^"<q%@._VF2XstE,.8B"%PwT:]*e<Q(@oX=
\*@!.8E,%$%$
user-interface vty 0 4
user-interface vty 16 20
#
return
[Huawei-ui-console0]

Fix network driver issue without Restarting. Fix Local Area Connection properties window showing Blank.

Sometimes you might find a situation where you install a net filter driver on Windows and it makes Local Area Connection Properties show a blank window.

Following is a screenshot of the problem:


You can fix the situation by doing what's shown in the screenshot:

net stop npf
net start npf

Run this in an elevated command prompt. This will reload the netfilter drivers on Windows.

Remove Desktops such as Plasma, Mate etc from Desktop Switcher menu in Ubuntu

Do the following, as shown in the screenshot, to remove the Desktop Environment entry "Plasma" from the Desktop Environment menu on the Ubuntu login screen (the LightDM menu).

Network Simulators for Windows


Above is eNSP. It allows you to simulate Huawei Devices.

Following is HP Network Simulator which simulates HP Devices:


You must install VirtualBox-5.0.16-105871-Win on Windows 7, as only that particular version works perfectly with both eNSP and HP Network Simulator. You also need to set this environment variable: Vbox_Install_Path=

Deleting VMNET Adapters from Windows PC

Following is the code you need to run in elevated CMD:

"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet2
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet3
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet4
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet5
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet6
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet7
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet9
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet10
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet11
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet12
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet13
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet14
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet15
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet16
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet17
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet18
"C:\Program Files (x86)\VMware\VMware Workstation\vnetlib.exe" -- remove adapter vmnet19

Adding "Open Command Prompt" in Windows Right Click Context Menu


Above is a screenshot depicting the three menu entries: Open cmd here as Administrator, Open command prompt and Open elevated command prompt.

All three do exactly what they say.

Following is the code to add the menus. Copy the code, save it as 1.reg, then double-click the .reg file to merge it into the Windows Registry:
Open cmd here as Administrator
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\Directory\shell\runas]

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Open command window here as Administrator"
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /s /k pushd \"%V\""

[-HKEY_CLASSES_ROOT\Directory\Background\shell\runas]

[HKEY_CLASSES_ROOT\Directory\Background\shell\runas]
@="Open command window here as Administrator"
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\Directory\Background\shell\runas\command]
@="cmd.exe /s /k pushd \"%V\""

[-HKEY_CLASSES_ROOT\Drive\shell\runas]

[HKEY_CLASSES_ROOT\Drive\shell\runas]
@="Open command window here as Administrator"
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\Drive\shell\runas\command]
@="cmd.exe /s /k pushd \"%V\""

[-HKEY_CLASSES_ROOT\LibraryFolder\background\shell\runas]

[HKEY_CLASSES_ROOT\LibraryFolder\background\shell\runas]
"HasLUAShield"=""
@="Open command window here as Administrator"

[HKEY_CLASSES_ROOT\LibraryFolder\background\shell\runas\command]
@="cmd.exe /s /k pushd \"%V\""

To always run Windows CMD as Administrator, you can add the following:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Windows\\System32\\cmd.exe"="~ RUNASADMIN"
"C:\\Windows\\SysWOW64\\cmd.exe"="~ RUNASADMIN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Windows\\System32\\cmd.exe"="~ RUNASADMIN"
"C:\\Windows\\SysWOW64\\cmd.exe"="~ RUNASADMIN"

For the latter two menus, you need to download and install CmdOpenInstall-2.1.0.exe.
Search for the application in Google and Install it.

Creating VLANS in GNS3 with MROS and Cisco

When you create a VLAN in GNS3 with MROS, it's crucial to know which adapter model you are selecting under network interfaces. Specifically, the Intel e1000 adapter is capable of handling VLAN tags in hardware, so when you select it the software will try to emulate that exact behavior. This will produce incorrect results.

Use RealTek Adapter model for all MROS emulations. It works well.

For QEMU emulated Windows XP, you must use e1000 adapter as this allows you to set VLAN in Ethernet Adapter. You will need to install the IntelPro Ethernet Adapter and its Advanced Services.

Browser Choices available for Windows Platform

Following is a screenshot containing list of Browsers available for Windows Platform:


OSPF Basics - MultiArea OSPF with three Routers in GNS3

Requirement: Connect two routers at L3 using OSPF with different area IDs.
Following is a snap of the current topology:
R2 is the mediator and will make R1 and R3 communicate with each other. But R1 and R3 are in area 1 and area 2 respectively.

Following are the OSPF Configurations of three Routers:

R1:
c3725-R1(config)#do sh run | begin ospf
router ospf 1
 log-adjacency-changes
 network 1.1.1.0 0.0.0.255 area 1

R2:
c3725-R2(config)#do sh run | begin ospf
router ospf 1
 log-adjacency-changes
 redistribute connected
 network 1.1.1.0 0.0.0.255 area 1
 network 1.1.2.0 0.0.0.255 area 2
 default-information originate always

R3:
c3725-R3(config)#do sh run | begin ospf
router ospf 1
 log-adjacency-changes
 network 1.1.2.0 0.0.0.255 area 2

The above configuration produces the following routes:

R1:
c3725-R1(config)#do sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 1.1.1.2 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial1/0
O*E2 0.0.0.0/0 [110/1] via 1.1.1.2, 00:06:15, Serial1/0

R2:
c3725-R2(config)#do sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 2 subnets
C       1.1.1.0 is directly connected, Serial1/0
C       1.1.2.0 is directly connected, Serial1/1

R3:
c3725-R3(config)#do sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 1.1.2.1 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.2.0 is directly connected, Serial1/0
O*E2 0.0.0.0/0 [110/1] via 1.1.2.1, 00:06:17, Serial1/0

Debugging and Fixing Audacity Crash on Ubuntu 16.04.

I was having a crash of Audacity Audio Editor at start. No error message was shown except:

(Audacity:14109): Gtk-WARNING **: gtk_disable_setlocale() must be called before gtk_init()

which was never the actual problem.

I have tried to fix the issue by installing old version, new version and also i386 version of the same. None fixed that. 

I had to remove naspro-bridges to correct the issue. But that's not the agenda of this post. The way I found the solution is subject of interest here. 

The first step is to install Valgrind. Second is to run Audacity via valgrind to find the faulting module. 
sudo apt install valgrind
valgrind /usr/bin/audacity
This will generate the error report. Find the faulty module there and remove it via Synaptic. 

 

Fix Mouse Pointer regression on GNS3 QEMU VMs

In some VMs you will notice connecting via VNC gives a very bad mouse cursor movement experience.

To fix the issue, replace -nographic with the following:

-nographic -usbdevice tablet -vga std -nodefaults

Adding new Context Menus in Nemo File Manager running under Ubuntu 16.04

You might have heard of the tool nautilus-actions configuration Tool. There is no similar alternative for nemo file manager.

You need to manually create the configuration files under /usr/share/nemo/actions/

I'm assuming the applications 'gmrun' and 'mousepad' are both installed.
sudo apt install gmrun mousepad

Save the following as open-gmrun-as-root.nemo_action (the extension part .nemo_action is trivial).

[Nemo Action]
Active=true
Name=Run Program as Root
Comment=Run Program as Root
Exec=gksu gmrun
Icon-Name=nemo
Selection=none
Extensions=any
EscapeSpaces=true

Exit Nemo and re-open it. You will see the newly created Context menu there.

Following are the other configs I have:

=> edit-with-mousepad.nemo_action

[Nemo Action]
Active=true
Name=Edit with Mousepad
Comment=Edit with Mousepads
Exec=mousepad %F
Icon-Name=mousepad
Selection=s
Extensions=nodirs
EscapeSpaces=true



=> open-gmrun.nemo_action

[Nemo Action]
Active=true
Name=Run Program
Comment=Run Program
Exec=gmrun
Icon-Name=nemo
Selection=none
Extensions=any
EscapeSpaces=true

Following are the screen-shots for your information: