Fiber carries light

Lighting the way for progress

Not when fiber breaks

– Paul Schuh

I wrote this haiku a few years ago as I was testing fiber trunk lines between two campus buildings to locate a suspected break.

Async Cables

Serial cables

Front of Rack

Rear view of rack

Setting up my CCNA Lab routers this evening. Have everything mounted in the rack and cabled together. At the core of the set up, I have a 3620 with an async card in it that gives me terminal/console access to everything in the rack without having to swap the console cables around. I just telnet to a specific port off the 3620 to access a particular device.

For example, when I want to connect to the router connected to Async line 6, I just connect with: “telnet c3620 6006″

Here are some shots of my current set up.

First shot is a close up of the octo-cables coming out of the Cisco 3620. Each line goes to a serial interface on other equipment in the rack. Right now, I’m using 10 serial lines. The interface here supports up to 32 serial lines — so I’ve got a bit of room for growth.

The next shot is the inter connecting serial DTE/DCE cables between each Cisco 2600 router. The router with four serial interfaces is connected to four separate 2600′s — one, two, three, and four. One and Two are further connected to each other, as are three and four in this particular set up.

Finally, here are two shots, one of the front of the rack and another of the rear of the rack.  Below the routers is a shelf where I have a couple of Linux boxes that I use as nodes on the networks for testing connectivity between different router setups/configurations.

I’m building a lab at the house to use to study for CCNA and CCNP certification. On the left are some old Cisco routers and switches scrounged from work. On the right are some routers and switches I bought on eBay. I have a Cisco 3620 with an Async cable connected to all of the console ports so I can access all of the systems console ports thought the 3620.

It’s just about ready to go — I’m just waiting for an order of DCE/DTE crossover cables to arrive and then I’m in business. I hope to be able to get things set up so that I can administratively reconfigure the systems without having to make a lot of patch cable changes to create different scenarios… we’ll see.

Finally, in the bottom left corner, is an Ubuntu Linux system I’m using for general management of the switches. It’s got tftpd set up, and can receive syslog messages from the systems if I need to do some heavyweight log troubleshooting. Eventually, I hope to get it set up as a TACACS server as well.

Update #1 — mounted the equipment into a rack that was donated to this cause.

I’m completely operational, and all my circuits are functioning perfectly. — Hal 9000

So, anyway, as I re-assemble the site, I will slowly but surely republish some of the old articles with tips and tricks that are still applicable (SSH port tunneling, for example) — and also, I’ll try to update them as well.

About this site — it used to have the title ‘Tao of Network Administration’ — since I plan to cover more than just network administration, I’ve settled on the less specific “Tao of Schuh.”

By day, I manage the network and many of the servers and linux/unix computing labs for the School of Electrical and Computer Engineering at Cornell University. Occasionally I will develop LAMP (Linux Apache MySQL PHP) applications and assist with computer and network security prevention as well as post-incident security analysis and forensics. I’ve maintained CISSP certification since 2001.

By night, I play bass guitar with the Snake Oil Salesmen; read books; compose/write music with Ableton Live, Reason, and Logic Pro; and I’m currently teaching myself (aka playing around with) the Apple Final Cut Studio suite of applications — mostly Final Cut Pro and Motion.

And finally, when its warm — I just might be out on Cayuga Lake sailing my 1974 Ranger 23 sailboat.

Here’s to the future!

Paul Schuh

Where I work, the Cornell University School of Electrical and Computer Engineering, the network only allows secure encrypted connections into the servers on the network. If you want to transfer files to and from the network, you need to use a program that supports SFTP or SCP2 transfer protocols. For users of Microsoft OS’ I recommend using SSH from SSH, Inc. which can be downloaded from ftp://ftp.ssh.com/pub/ssh/.

Unfortunately, many web design programs and other applications that use FTP do not support SFTP or SCP2, Macromedia Dreamweaver 2004 is the first and only to date that I’ve heard of that does have SFTP support built-in. Don’t worry… there is a way to get around this limitation by following a few simple steps.

1. To use these instructions, you must have an account on the system you want to transfer files to.
2. You must have SSH from SSH Inc. installed on the same system as the application you want to use. (There are other SSH clients that will work, but they are not covered in this howto.)
3. These instructions assume you are running a Microsoft Windows® operating system. (I will post Apple Macintosh® instructions shortly)
4. Start SFTP. This can be accomplished in a couple of different ways. There may be an icon that looks like this on your desktop.
   
   Double click it to start SFTP. Otherwise, you’ll need to click on ‘Start’, ‘Programs’, ‘SSH Secure Shell’, ‘Secure File Transfer Client’ to start the program. If you can’t find it, make sure SSH is properly installed.
5. Before we can do anything else, we need to setup the connection profile. To do this, click on the ‘Profiles’ menu item and select ‘Add profile…’
   
6. You should now see the following:
   
7. Now, enter a name for this new connection like this:
   
8. Now, we need to edit the profile. Select ‘Profiles’ from the menu and click on the ‘Edit profiles…’ menu item.
   
9. Select your profile. In this example, it is ‘ECE People Webserver’.
   
10. Make sure the ‘Connection’ tab is selected, and enter the hostname of the remote system in the ‘Host name’ field. For personal website accounts in Cornell ECE, it should be ‘people.ece.cornell.edu.’ For course websites in Cornell ECE, use ‘courses.ece.cornell.edu.’ For Cornell ECE research websites, use the name assigned to the research website. The CBCRL research website would be ‘cbcrl.ece.cornell.edu’. Check with your webmaster if you’re not sure what to use.
    
11. Enter the website account username. If you’re not sure what to use, check with the your webmaster.
    
12. Click on the ‘Outgoing Tunneling’ tab.
    
13. Click on the ‘Add…’ button.
    
14. You should now see a window like the following:
    
15. Enter ‘FTP’ into the Display Name, change the Type to ‘FTP’, set the Listen Port to 21, make sure ‘Allow Local Connections Only’ is checked, make sure the ‘Destination Host’ is set to ‘localhost’, and set the ‘Destination Port’ to be ’21′, like the following example, and then click ‘OK’.
    
16. Your configuration window should now look something like this.
    
17. We’re almost done setting things up… click the ‘OK’ button.
18. Let’s try the connection… select ‘Profiles’ from the menu, and then click on the name of the configuration you just set up.
    
19. The first time you connect to a remote system, you will probably see a window like the following, if you do, click ‘Yes’ and continue with the next step. If you do NOT see a window like this… don’t worry, just skip to the next step anyway.
    
20. You should now see the following window:
    
21. Type in the password for the username you entered in the Profile configuration. If you are not sure what it is, check with your webmaster. As you type, ‘*’ characters will be displayed. This is to prevent someone from seeing what your password is. When you’re done… click ‘OK.’
    
22. Hopefully, you should now see a window similar to the following window… if you do, congratulations! You are done with the tunneling configuration, go to the next step. If you don’t, retrace your steps to make sure that you have followed all of the steps.
    
23. I’m not going to cover the specific configuration of web editing clients as they are all very different from each other. That said, pretty much, all you need to do is run ‘SSH Secure File Transfer’, logon to the profile you want to work with, and configure your client to use FTP with ‘localhost’ set to be the remote client, and enter your username and password where appropriate for the application. (If you have problems using ‘localhost’, you can try using ’127.0.0.1′ instead which is the IP address that localhost is an alias/synonym for.) As long as SSH is running in the background, you will be able to upload the remote system using ‘FTP’ to ‘LOCALHOST’. NOTE: If you maintain multiple websites… make sure you’re connected to the correct one in SSH before uploading your web content.
24. Have fun!

Paul Schuh, CISSP