Wednesday, November 23, 2011

Flashing IOS on a 1841

I recently bought a Cisco 1841 which was missing its CF card for $15. I found a small 64mg Sandisk replacement and needed to reload IOS. A quick Google search for a copy of 12.4 turned up a copy and today I attempted to upload the flash. The router was stuck in rommon and after finding out an xmodem copy was going to take 4 hours, I quickly downloaded Solarwinds TFTP server and moved the copy of IOS to the C:/tftp root directory. I renamed it to c1841.bin.

Here are the basic steps I took:
1) Set up HyperTerminal to 9600 8-N-1
2) Set your network adapter to a static IP of 10.1.1.1
3) Start your TFTP server; make sure the service is added to your Windows 7 firewall or it will time out
4) Use a crossover cable, switch, or gigabit adapter which will allow auto negotiation.
5) At the rommon prompt enter the following:

rommon 1> IP_ADDRESS=10.1.1.2
rommon 2 > IP_SUBNET_MASK=255.0.0.0
rommon 3 > DEFAULT_GATEWAY=10.1.1.254
rommon 4 > TFTP_SERVER=10.1.1.1
rommon 5 > TFTP_FILE=c1841.bin
rommon 6 > tftpdnld
(The next lines are the output from the console)

          IP_ADDRESS: 10.1.1.2
      IP_SUBNET_MASK: 255.0.0.0
     DEFAULT_GATEWAY: 10.1.1.254
         TFTP_SERVER: 10.1.1.1
           TFTP_FILE: c1841.bin
        TFTP_MACADDR: 00:18:ba:9f:24:96
        TFTP_VERBOSE: Progress
    TFTP_RETRY_COUNT: 18
        TFTP_TIMEOUT: 7200
       TFTP_CHECKSUM: Yes
             FE_PORT: 0
       FE_SPEED_MODE: Auto Detect

Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash will be lost!
Do you wish to continue? y/n:  [n]:  y

6) Select yes to load the new image.

Receiving c1841.bin from 10.1.1.1 !!!!!!!!
File reception completed.
Validating checksum.
Copying file c1841.bin to flash.
program load complete, entry point: 0x8000f000, size: 0xc100



Format: Drive communication & 1st Sector Write OK...
Writing Monlib sectors.
................................................................................
..................
Monlib write complete

Format: All system sectors written. OK...
Format: Operation completed successfully.

Format of flash: complete
program load complete, entry point: 0x8000f000, size: 0xc100

Initializing ATA monitor library.......



7) After it finishes copying, boot the new IOS.
rommon 7> boot

You should now be greeted by text prompting you to start the initial config. :)
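
A pre-flight check for the TFTP recovery above, as an added example that is not part of the original post: it confirms the rommon addressing keeps the TFTP server on-link and that the image staged in the TFTP root matches a digest obtained from the vendor. The function names are hypothetical, the expected digest is something you supply, and SHA-512 is an assumed default.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed sample: the rommon assignments from step 5 above.
SAMPLE = """\
rommon 1> IP_ADDRESS=10.1.1.2
rommon 2 > IP_SUBNET_MASK=255.0.0.0
rommon 3 > DEFAULT_GATEWAY=10.1.1.254
rommon 4 > TFTP_SERVER=10.1.1.1
rommon 5 > TFTP_FILE=c1841.bin
"""

ASSIGN = re.compile(r"^rommon\s+\d+\s*>\s*([A-Z_]+)=(\S+)\s*$")


def parse_rommon_vars(text):
    """Collect NAME=value assignments typed at the rommon prompt."""
    out = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            out[m.group(1)] = m.group(2)
    return out


def addressing_problems(v):
    """Return reasons the transfer would fail on a direct cable or switch."""
    required = ("IP_ADDRESS", "IP_SUBNET_MASK", "TFTP_SERVER", "TFTP_FILE")
    missing = [k for k in required if k not in v]
    if missing:
        return ["missing: " + ", ".join(missing)]
    iface = ipaddress.ip_interface(f"{v['IP_ADDRESS']}/{v['IP_SUBNET_MASK']}")
    server = ipaddress.ip_address(v["TFTP_SERVER"])
    problems = []
    if server == iface.ip:
        problems.append("router and TFTP server share one address")
    if server not in iface.network:
        problems.append("TFTP server is off-link; request would go via the gateway")
    return problems


def image_matches(path, expected_hex, algo="sha512"):
    """Hash the staged image in chunks and compare with the expected digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected_hex.strip().lower())
```

Run the digest check against the file in the TFTP root before typing tftpdnld; the checksum rommon validates during the transfer does not tell you where the image came from.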


If your only option is to install via console here are some helpful instructions I found here:
LINK


To load an IOS onto a router using ROMmon mode via the Cisco console cable:
  1. Connect to the router using the light blue Cisco console cable (make sure the RJ-45 connector is plugged into the console port on the router) using the 9600-8-N-1 settings. The next two steps (changing the console baud rate) are optional.
  2. In ROMmon mode, change the baud rate to 115200 using the confreg command.
rommon 1>confreg
Configuration Summary
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM monitor
The router will guide you through changing the register. You want to press y to change the configuration. The only other change you need to make is the change to the console baud rate, set that to 7 (115200).
do you wish to change the configuration? y/n [n]: y
enable "diagnostic mode"? y/n [n]:
enable "use net in IP bcast address"? y/n [n]:
enable "load rom after netboot fails"? y/n [n]:
enable "use all zero broadcast"? y/n [n]:
disable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change console baud rate? y/n [n]: y
enter rate: 0 = 9600, 1 = 4800, 2 = 1200, 3 = 2400
4 = 19200, 5 = 38400, 6 = 57600, 7 = 115200 [0]: 7
change the boot characteristics? y/n [n]:

Configuration Summary
enabled are:
break/abort has effect
console baud: 115200
boot: the ROM Monitor
 do you wish to change the configuration? y/n [n]:
You must reset or power cycle for new config to take effect.
 rommon 2>

  3. When you reset the router, you will see characters in your console window that you cannot read. You have to stop the session and set your baud rate to 115200. This will let you increase the speed that you use to transfer the file.
  4. At the rommon prompt enter xmodem -c {filename}
  5. When prompted, enter y to continue
  6. From your HyperTerminal window, click on Transfer then Send File
  7. Select the IOS image, then change the protocol to xmodem via the dropdown box, then click Send.
  8. After the IOS has been downloaded, change the boot order by using the confreg 0x2102 command.
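
The confreg dialog above edits individual bits of the 16-bit configuration register. This added example (not from the original post or the linked instructions) decodes a register value using the standard Cisco bit layout, which is an assumption not stated on the page, and shows that confreg 0x2102 also returns the console to 9600 baud. The function names are hypothetical.

```python
# Menu order from the confreg prompt: 0 = 9600 ... 7 = 115200.
BAUD_BY_MENU_INDEX = [9600, 4800, 1200, 2400, 19200, 38400, 57600, 115200]
BAUD_MASK = 0x1820  # register bits 12, 11 and 5 carry the console speed

# (mask, wording of the matching confreg prompt); layout is assumed.
FLAGS = [
    (0x8000, "diagnostic mode"),
    (0x4000, "use net in IP bcast address"),
    (0x2000, "load rom after netboot fails"),
    (0x0400, "use all zero broadcast"),
    (0x0100, "break/abort disabled"),
    (0x0040, "ignore system config info"),
]


def decode_confreg(value):
    """Split a configuration register into baud, boot field and flags."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is 16 bits")
    # Menu index bit 0 is register bit 11, bit 1 is bit 12, bit 2 is bit 5.
    index = ((value >> 11) & 1) | (((value >> 12) & 1) << 1) | (((value >> 5) & 1) << 2)
    boot_field = value & 0xF
    if boot_field == 0:
        boot = "stay in ROM monitor"
    elif boot_field == 1:
        boot = "boot first image in flash"
    else:
        boot = "follow boot system commands"
    return {
        "baud": BAUD_BY_MENU_INDEX[index],
        "boot_field": boot_field,
        "boot": boot,
        "flags": [name for mask, name in FLAGS if value & mask],
    }


def set_baud(value, baud):
    """Return the register with only the console speed bits changed."""
    index = BAUD_BY_MENU_INDEX.index(baud)  # ValueError for unsupported rates
    bits = ((index & 1) << 11) | (((index >> 1) & 1) << 12) | (((index >> 2) & 1) << 5)
    return (value & ~BAUD_MASK & 0xFFFF) | bits


def audit(value):
    """Notes an operator would want before leaving the router in service."""
    d = decode_confreg(value)
    notes = []
    if "ignore system config info" in d["flags"]:
        notes.append("startup configuration is skipped at boot")
    if d["boot_field"] == 0:
        notes.append("router will stop at the rommon prompt")
    if d["baud"] != 9600:
        notes.append(f"console runs at {d['baud']} baud, not the 9600 default")
    return notes
```

Because 0x2102 clears the speed bits, set the terminal back to 9600 after the final confreg and reset.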





Wednesday, September 7, 2011

Installing a .iso off a USB flash drive.

After my recent fileserver issues at home I have not had access to my generic tools kit I put together for day to day tasks. My memory is terrible and I could not for the life of me remember the name of a program that allowed me to "burn an iso to usb" or boot an iso off a USB flash drive. A bit of googling and digging, I found it!
http://unetbootin.sourceforge.net/

UNetbootin allows you to create bootable Live USB drives for Ubuntu, Fedora, and other Linux distributions without burning a CD. It runs on Windows, Linux, and Mac OS X.

Hope this helps someone out!

Tuesday, August 30, 2011

pfSense 2.0 RC3 embedded with VGA

Last week I blogged about hacking up an old Google Mini appliance and transforming it into an energy efficient pfSense router. Today I wanted to make a quick note about how to set up pfSense 2.0 RC3 embedded with VGA. For many years I used pfSense 1.2 on an older Pentium III. What drew me to pfSense was its small platform and ability to run off a compact flash card. It was only after I purchased some used 1u vpn routers that had compact flash card readers built in that I started researching the embedded version. These same appliances had VGA ports and usb ports, along with 4 network ports and 1 additional PCI device (wifi or lan for example). After searching around a bit I found Hacom, an embedded systems and appliance company. These great folks have provided their modified factory embedded install, enabling VGA and USB while still running off a small 256mg-4gb compact flash card. Now that I am more accustomed to console devices, the CLI no longer scares me, but even so I installed Hacom's latest release of vga enabled pfSense on my new router.

You can download PFhacom here:

http://www.hacom.net/kb/pfsense-2-rc3

And use physdiskwrite to get it on to your CF card:
http://m0n0.ch/wall/physdiskwrite.php

Enjoy!

Monday, August 29, 2011

Setting up SSH through vSphere 5 client.

Here is a simple guide to setting up SSH access to your host through the provided vSphere 5 client. This is a nifty trick, as before with 4.1, you had to enable it on the local console. This was rather inconvenient if you were not local to your host.

Fire up vSphere 5 client and head over to configuration. Locate "Security Profile".

Notice SSH down near the bottom (I already enabled mine).
 Double click SSH and select your favorite startup method. Be sure to click ok and restart before trying to connect.
 Fire up your favorite SSH client, I just happen to have PuTTY on my laptop. Default settings.

Now you have SSH access. Enjoy!

When you can't re-add a data store in ESXi...

Google it!
http://scev7n.blogspot.com/2011/02/error-disk-is-blank-with-esxi-datastore.html

I recently had an issue with one of my SAS drives, which caused a failure on my raid card and a lost datastore. After I replaced the drive, I kept getting the error that my disk is blank. Duh, I just recreated the array. Anyways, 5 minutes on Google and I found the helpful post above. Some simple fdisk commands later through an SSH command prompt, and bam! Everything is back to normal and I was able to re-add the datastore.

vSphere 5 Hypervisor is here!

It is finally here!
After VMware announced the release of vSphere 5 months ago and confused/frustrated us all with their new vram licensing, you can now download a copy for your home lab. Head over and grab the Free version for yourself. Be sure to check the hardware whitelist as device support has changed! This is perfect timing as my virtualization project at work has been put on hold while some old legacy NT systems are upgraded. I should have plenty of time to evaluate vSphere 5 before it gets put in to my production environment.

Thursday, July 7, 2011

A new life for a "Google Mini" search appliance, PFsense, hardware hacking.

With our new "High Speed Cable Internet", it was time to replace my aging Linksys WRT54G v3 router running Tomato. It was on its last legs for some time, even our 3mg DSL would sometimes cause it to lock with more than 10 devices connected. Our new service came with this nasty new feature, called a monthly bandwidth CAP. Thanks Wave! These CAPs essentially monitor your monthly usage and charge you for exceeding the provided amount. This is fine for most people, but despite choosing the plan with the largest provided bandwidth allotment (300gb), and since I just bought 14tb of hard drive space to upgrade my file server and my brother is also a rather heavy user, I had to do something to monitor our bandwidth consumption.
 
I decided to go with something I have worked with in the past. This is not the first time I have run pfSense at my house, but after a hardware failure last year it was replaced due to a lack of time. Now that I am "back in the IT game" I seem to enjoy playing around with this stuff more than last year when I was running my car shop. Now don't get me wrong, there are dozens of other great pieces of software out there, but pfSense really has a solid foundation and does everything I need it to do right now. If you are interested in other Open Source or free routers, may I suggest Untangle, ClearOS, m0n0wall, ipCop, or Smoothwall.

pfSense offers QOS, bandwidth monitoring and reporting, and runs on a very tiny platform designed for embedded or low power boxes. It is one of my favorite firewalls due to its simplicity and full feature set.

As a frequent craigslister, I find myself seeing the same items listed over and over. Most of the time these are overpriced or junk, but every once in a while I find something neat that no one else wants. Honestly, if I did not have a background in hardware hacking, I would not have bought this either. Then again, anything that is bright blue and slapped with big shiny letters that say GOOGLE is just too hard to resist, especially for $20. Hey, plus now when people ask, I can say my house is powered by the Google! (Bad Geek joke 1...)


This beautiful piece of hardware is a 1u Google Mini search appliance. Its original use? Providing an internal search engine based off Google's search engine, allowing indexing and fast access to intranets, sharepoint sites, and public documents in Small Medium Businesses. Manufactured by Gigabyte for Google, this 1u featured a Dual Pentium III motherboard, PC133 sdram, 3 hot swap IDE hard drives attached to a Promise technologies backplane and raid controller, dual nics, tons of little 40mm screamer fans (found in nearly every full length 1u) and some rather neat built in options. All together, it was a screamer, in 2003. When I picked it up off Craigslist, it had been stripped of processors, ram, heatsinks, and hard drives.

This left it rather useless, plus who runs a dual pIII server anymore? Not only would tracking the parts down be a PITA, I already had the hardware I wanted to run. A nice, power efficient Dual Core Atom 1.66ghz, left over from a server upgrade. My only problem? This case is too damn big. Well, it is not really a problem with the right tools :). After stripping the chassis and taking the old guts to my local e-cycler, I laid out a basic design and headed to the shop. Thankfully the Google lettering was actually on a large piece of vinyl and was easily removed for a later use.


Remember kids, always wear your safety gear when playing with powertools.



Well that solved 1/2 my problem. I just needed to take care of the mounting points left over by the larger uATX motherboard and hot swap bays. I chose the front half of the case for 2 reasons. 1) The rear was stamped with the old motherboard's backplate and 2) I could keep the retention points for the front cover. With the cutting, grinding, sanding, and cleanup out of the way, I found the stand offs I wanted to keep and removed the rest.






Hardware:
Intel Atom D510
2GB DDR2 800
Intel Pro1000/MT
1gb Compact Flash card
CF to IDE adapter
250w 1u powersupply

Now I ended up keeping the 1u's factory powersupply. Not only did it mount up and the cables all reach, but I was also able to modify the fans to quiet it down significantly. The original chassis included a bank of 1u fans to keep the processors cool and air moving through the case. For some reason 2 of the 6 were Sunon 7cfm 40mm fans that happen to fit right in to the 1u powersupply, replacing its Delta screamers. The motherboard is mounted to two permanent stand offs and 2 spacers, preventing shortage. I did happen to have a 4 port NIC block + com port extender, along with a USB port block from an old hacked up case. These 3 along with the power connection make up the rear of the case.

 I even found a blue powercord :).
Tucked temporarily away in the closet with our new cable modem. (Ignore the DSL modem, I have not removed it yet :).

Next up: setup and impressions of pfSense 2.0 RC1 and using an embedded install with VGA :).

Marc

Jumping in to the 21st century with "Cable Internet".

Back in the early 2000's, our family was one of the first to get "High Speed DSL at a blazing 3Mbps" through our local telcom. I realize this must not be a big deal to most, but we live in the middle of nowhere. This replaced the 56k tied to a single Pentium III Dell, which did not suit our favorite games like Half Life, Team Fortress, and Unreal Tournament. Especially when both me and my brother wanted to play. Thankfully we soon both had computers and boy was sharing a DSL connection 10x faster than bridging a 56k connection. Soon after we added "IPTV" and for once could watch more than the 20 or so channels our antenna in the attic picked up.

Fast forward to 2011, my family has now moved back to my childhood home along with my brother. The aging DSL just did not cut it anymore and worse yet was the price. Who in their right mind would pay $45/m for 2.6Mbps DSL in 2011? The local telcom only offered 3mg DSL this far out and to be fair it did offer fiber, boasting up to a 60/60 line... but it ended 2 blocks up the street from us... Leaving us with no options, that was until Wave Broadband came through in 2009, purchasing the local cable provider. For a few years we dealt with the terrible speeds and choppy IPTV, but we finally gave in and decided to try it out.

Wave offered a number of plans, but seeing as both me and my brother are "heavy" users and my wife likes to stream movies/tv shows, we went for the fastest line offered this far out. The 18Mbps down/2Mbps service includes a 300gb/month cap, versus the 100gb/month on slower plans. This is not the fastest Wave offers, but it is the fastest they could guarantee a constant speed with. At $50 a month, we ditched the IPTV and have decided to go without cable TV. None of us have time for TV and when we do want to watch something, streaming services like Hulu and Netflix have replaced any need for cable in my mind. I am planning on hooking back up our digital antenna for OTA broadcasts, just in case there is a kids show on OPB my son wants to watch.

An appointment was made and figuring the standard "12-5" window, I took the afternoon off. I decided to maximize my time and have a friend over who needed some car assistance. He showed up right around 12:30 and we got to work on his project. Not 5 minutes later our installer showed up, ready to get everything done... I had not even cleared the brush from the cable boxes (not used in 20 years since the last owners.) The installer was nice, very patient, and was happy to work around our needs. Since cable had not been used in our 1891 house in 20 years, during any project we would rip out all the old RG59. This did not matter, as RG6 was needed.

Now here came the fun part... The main house sits on 8x8 timbers, with less than 8" of crawl space under them in some spots. The networking all lives in the study at the front of the house, opposite of the crawl space entrance. Our installer was not a small guy, and honestly neither am I. We both held a fairly similar 6ft 200pound build. We chatted a bit about what to do and at this point I offered to go under the house WITH him to assist... He somehow took this as I was going under... Honestly, it was not a problem for me. I had been under a few times, knew the obstacles, but never gone quite this far back.

I suited up, grabbed a flash light and shovel and one hour later I emerged, covered head to toe in dirt and dust. This was the most miserable thing I have done in a LONG time. I ended up digging under each of the 3 main beams to create 12" of clearance to squeeze under, and I mean squeeze. There was one point where I took a deep breath half way under and was stuck. I had to exhale all my air just to get through. At no point did I feel trapped though and we did end up getting the cable run, but next time the installer gets to enjoy the misery of our crawlspace.

With everything hooked up, we ran our first speed test.



Not bad. Not bad at all. It turns out we are at the amplifier for the line and have an amazing signal. Mind you this changes drastically depending on time of day and where the test server is, but I have not dropped below 2.3MBps on an actual download speed. This is 10x better than our 300Kbps download the DSL gave us.


Would I recommend Wave broadband? It is too early to tell. Overall the service is as advertised and the installer was nice, on time, and even shared a few useful bits about the way Wave filters Cable TV. :)

Next up is our router solution and more about the pesky 300gb/month cap and how I plan to keep track of it.

Marc

Monday, June 27, 2011

Time will tell all...

Decided to start keeping track of my ongoing projects and adventures. Here's hoping I have time to keep this updated :)