Networks – Page 2 – Research and Education Network for Uganda

Written by Carol Namuddu16Jul, 2020

Optical ByPass Switching

Optical Bypass Switches

A bypass switch (or bypass TAP) is a hardware device that provides a fail-safe access port for an in-line active network device such as an intrusion prevention system (IPS), next-generation firewall, network switch etc. if the device loses power, experiences a software failure, or is taken off-line for updates or upgrades, traffic can no longer flow through the critical link. The bypass switch or bypass tap removes this point of failure by automatically ‘switching traffic via bypass mode’ to keep the critical network link up.

A bypass switch has four ports. Two network ports create an in-line connection in the network link that is to be monitored. This connection is fully passive; if the bypass switch itself loses power, traffic continues to flow unimpeded through the link.

Two monitor ports are used to connect the in-line device. During normal operation, the bypass switch passes all network traffic through the network (CPE) switch as if it were directly in-line itself. But when the switch (CPE) loses power, is disconnected, or otherwise fails, the bypass switch passes traffic directly between its network ports, bypassing the CPE, and ensuring that traffic continues to flow on the network link.

A bypass switch monitors the health of the CPE by sending heartbeats to the network switch (CPE) as long as the network device/switch is on-line, the heartbeat packets will be returned to the optical bypass switch and the link traffic will continue to flow through the CPE.

If the heartbeat packets are not returned to the Optical Bypass Switch (CPE has gone off-line), the Optical Bypass will automatically bypass the CPE and keep the link traffic flowing. The Optical Bypass also removes the heartbeat packets before sending the network traffic back onto the critical link.

Written by Claire Nakakeeto17Jun, 2020

Using cacti to monitor bandwidth consumption

Cacti is a free network graphing tool that is used to visualize the time series data obtained by the Round-Robin database tool (RDD tool).

The tool polls network devices like switches and routers via SNMP and then graphs their data. Some of the data that are polled are CPU load, temperature, uptime and network bandwidth utilization.

Here we shall focus on how you can monitor your bandwidth from the cacti graphs.

Continue reading “Using cacti to monitor bandwidth consumption” →

Written by mwotila28Aug, 2018

Intel Reports

Accessible RDP

This report identifies hosts that have Remote Desktop (RDP) Service running and accessible to the world on the Internet. Misconfigured RDP can allow miscreants access to the desktop of a vulnerable host and can also allow for information gathering on a target host as the SSL certificate used by RDP often contains the system’s trivial hostname.

Remedy: Disable RDP from being world accessible by applying firewall rules either at the border or at the server itself

Accessible Telnet

This report identifies hosts that have a Telnet instance running on port 23/TCP that accessible on the Internet. Telnet provides no encryption and may expose sensitive information or system credentials.

Remedy: Disable Telnet service and use more secure protocols such as SSH or firewall the telnet services

SSL Scan

This report identifies hosts that allow the use of SSL v3.0 with cipher-block chaining (CBC) mode ciphers which are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. See US-CERT alert TA14-290A at: https://www.us-cert.gov/ncas/alerts/TA14-290A for more information on this vulnerability and exploit.

Continue reading “Intel Reports” →

Written by Ben Kyemba07Dec, 2017

Junos MX5 error after OS upgrade: System is running on alternate media device (/dev/da1s1a)

After OS upgrade on Junos MX5, you are hit with following notice upon reboot;
— JUNOS 13.3R9.13 built 2016-03-01 07:16:35 UTC
— NOTICE: System is running on alternate media device (/dev/da1s1a)

This error is as a result of various scenarios and below are the possible causes:
1.) A software failure/error on the primary media (flash)
2.) A hardware failure on the primary media (flash)
3.) A request issue reboot on the secondary media (disk)

Continue reading “Junos MX5 error after OS upgrade: System is running on alternate media device (/dev/da1s1a)” →

Written by Brian Masiga27Nov, 2017

Traffic Flow Sampling in Juniper Mx-5 and Mx-480 Routers IPv4 and IPv6

Traffic Analysis is a critical component in network planning, security and troubleshooting. For you to perform traffic analysis, you need to collect network traffic flows from the different aggregation points in your network such as routers and switches.

In Juniper, they take advantage of ‘sampling’ packets and frames going through a switch or router. The sampled flows can used by third party applications such as nfsen and ntop.

This configuration solution was done on a Juniper Mx 5 Router using ipfix .

Create a sampling instance at the chassis level in this case it was named ‘1to1’
set chassis tfeb slot 0 sampling-instance 1to1

Place the flow table size at the chassis level on tfeb for both IPv4 and IPv6
set chassis tfeb slot 0 inline-services flow-table-size ipv4-flow-table-size 5
set chassis tfeb slot 0 inline-services flow-table-size ipv6-flow-table-size 5

Continue reading “Traffic Flow Sampling in Juniper Mx-5 and Mx-480 Routers IPv4 and IPv6” →

Written by Nicholas Mbonimpa30Oct, 2017

Uploading Cisco IOS using XMODEM

Problem Statement

There are times when a router/switch can only boot up in ROMmon. This happens when the router/switch has no valid Cisco IOS software or bootflash image to boot from. This disaster recovery situation arises when, for example, the Cisco IOS software on the router/switch is corrupted or has crashed.

There are also cases where the router/switch has no USB port, or where it is not possible to set up a network connection with the router/switch, and hence using the Trivial File Transfer Protocol (TFTP) is not a solution.

Continue reading “Uploading Cisco IOS using XMODEM” →

Written by mwotila11Mar, 2016

Zimbra: Install a Comodo SSL Certificate

1. Get the bundle from Comodo in crt format, or sometimes like a zip file. You can also login to https://cert-manager.com/customer/eI4Africa and download the X.509 Root/Intermediate(s) bundle.

2. Copy the downloaded bundle to the mail server under /tmp. The bundle contains the following files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt

Continue reading “Zimbra: Install a Comodo SSL Certificate” →

Written by mwotila10Mar, 2016

Apache2 per user web directories – Ubuntu 14.04

This tutorial helps in configuration of Apache 2 per user web directories. This enables Apache2 to serve we pages home user directories under a specific directory /home/username/public_html

Users accessing the page will in turn visit “http://server-name-or-ip-address/~username” Continue reading “Apache2 per user web directories – Ubuntu 14.04” →