RESTful Services


Your client sends a request to the server for data. The request can include data such as API keys. When the request arrives at the server, the server sends back a response indicating whether the request was successful and provides the data (JSON, XML, etc.). In its simplest form, REST can be thought of as a way to get data.

JSON is a simple standard for data delivery in the RESTful model. JSON has been used to exchange data between applications written in all of these programming languages.

This source, https://restfulapi.net/json-vs-xml/, provides some more insights.

XML is a data format, AND it is a language also. It has many powerful features which make it much more than simple data format for data interchange. e.g. XPath, attributes and namespaces, XML schema and XSLT etc. All these features have been the main reasons behind XML popularity.

JSON was not designed to have such features, even though some of them are now trying to find their places in the JSON world, e.g. JSONPath.

Simply put, XML’s purpose is document markup. Always prefer to use XML whenever document markup and meta-data are an essential part of the data and cannot be taken away.

Example:

https://developers.messagebird.com/docs/introduction

curl -X GET 'https://rest.messagebird.com/reporting/sms?periodStart=2018-04-01T00:00:00Z&periodEnd=2018-04-30T00:00:00Z&periodGroup=month&filterBy[originator]=OmNomNom&filterBy[originator]=BeautyBird&groupBy=originator' -H 'Authorization: AccessKey test_euSTWsGvjp' -H 'Accept: application/json'

 


My First EEM Applet Script


Cisco IOS Embedded Event Manager (EEM) is a powerful tool integrated with Cisco IOS Software for system management from within the device itself. EEM offers the ability to monitor events and take informational, corrective, or any desired action when the monitored events occur or when a threshold is reached. Capturing the state of the router during such situations can be invaluable in taking immediate recovery actions and gathering information to perform root-cause analysis. Network availability is also improved if automatic recovery actions are performed without the need to fully reboot the routing device.

OK, let's try to prevent someone from turning off Loopback Zero! 🙂

The Script:

event manager applet Lo0
event syslog occurs 2 pattern "Loopback0, changed state to admin"
action 1.0 syslog msg "Hey Someone shutdown my loopback0 - Turning it back on"
action 1.1 syslog msg "I am a Smart Router, i will turn my lo0 back up again"
action 1.2 cli command "enable"
action 1.3 cli command "configure ter"
action 1.4 cli command "int lo0"
action 1.5 cli command "no shut"
action 1.6 syslog msg "OK should be back up again"


Thanks to The Cisco Learning Network for this tip!

A Networker Blog

Cisco Wireless Control System (WCS)

Cisco WCS allows you to manage all the WLCs in your enterprise network.

Cisco Wireless LAN Controllers work in conjunction with Cisco Aironet access points and the Cisco Wireless Control System (WCS) to provide system-wide wireless LAN functions. As a component of the Cisco Unified Wireless Network, the WCS is made up of three primary components:

Solid database engine
Apache web server engine
the Java-based SNMP engine

All three components work together to provide the complete WCS functionality.

The Apache web server provides what is called the GUI of the WCS: the web interface presented to the user. The SNMP engine on the WCS is used to communicate with the WLC. It helps to push configurations to the WLC and to gather logs and traps from the WLC, and it uses the SNMP protocol for all communications with the WLC. To check whether all three major components of the WCS are running, and their states, click Start > Programs > WCS > Status.

We connect to the Cisco WCS server by browsing to the URL https://IPAddress; if you connect using http, the Cisco WCS redirects you to https.

 

After a successful login, the Network Summary window appears.

Adding WLC to the Cisco WCS

You will be prompted with a new screen where you enter the IP address/mask of the management interface of your WLAN controller.

Verify that the IP address is that of the management interface (the interface used by the FIO and the Cisco WCS), and not the AP Manager interface (this is the one used between the WLC and the AP for LWAPP).

You should receive a refreshed screen indicating that you have successfully added the controller.


You can click on the green ports to show statistics for that port. Port 3 in this case is connected to the AP, while port 4 is connected to the network infrastructure.

To review the WLC configuration using the WCS, select Configure, then Controllers; a new screen shows the available controllers. Then click on WLAN on the right side.


Wireless LAN Controller (WLC)

Setting Up a Wireless LAN Controller (WLC)

Traditional roles of access points, such as association or authentication of wireless clients, are done by the WLC. Access points, called Lightweight Access Points (LAPs) in the unified environment, register themselves with a WLC and tunnel all the management and data packets to the WLCs, which then switch the packets between wireless clients and the wired portion of the network.
All the configurations are done on the WLC. LAPs download the entire configuration from WLCs and act as a wireless interface to the clients. The WLC can be set up using the web browser GUI or the CLI. The CLI is commonly used to initialize a wireless LAN controller to allow for routing monitoring and configuration from the GUI.

The GUI allows up to five users to browse simultaneously to configure parameters and monitor operational status for the controller and its associated LAPs (lightweight APs).

Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_94:40:40]: WLC_VC
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (24 characters max): *****

Management Interface IP Address: 10.6.1.50
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.6.1.100
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 4]: 4
Management Interface DHCP Server IP Address: 10.6.1.50

AP Manager Interface IP Address: 10.6.1.51

AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (10.6.1.50):

Virtual Gateway IP Address: 1.1.1.1

Mobility/RF Group Name: GroupXYZ

Network Name (SSID): WLCXYZ
Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code (enter 'help' for a list of countries) [US]: EE

Enable 802.11b Network [YES][no]: Yes
Enable 802.11a Network [YES][no]: no
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
Configuration saved!
Resetting system with new configuration...

Let's now read the configuration step by step.

Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup

System Name [Cisco_94:40:40]: WLC_VC
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (24 characters max): *****

Management Interface IP Address: 10.6.1.50
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.6.1.100
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 4]: 4

This is used for in-band management. The port number is important because it must match the connection leading from the wireless LAN controller to the network infrastructure.

Management Interface DHCP Server IP Address: 10.6.1.50

When using the wireless LAN controller's internal DHCP server, the IP address needs to match the management interface; therefore the DHCP server and management address will be the same.

AP Manager Interface IP Address: 10.6.1.51

AP Communication

AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (10.6.1.50):

Virtual Gateway IP Address: 1.1.1.1

The virtual gateway provides Layer 3 features such as DHCP relay to wireless clients. This value must match among mobility groups.

Mobility/RF Group Name: GroupXYZ

The Mobility/RF Group allows multiple wireless controllers to be clustered into one logical controller group to allow dynamic RF adjustments and roaming for wireless clients.

Network Name (SSID): WLCXYZ
Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

By default, one WLAN SSID is already configured on the WLC, and it uses server-based authentication. If you skip RADIUS configuration during the startup wizard, you will see the warning. The result is a preconfigured SSID using 802.1x EAP that requires a RADIUS server; however, there is no server defined. This is to prevent open authentication security vulnerabilities.

Enter Country Code (enter 'help' for a list of countries) [US]: EE

Enable 802.11b Network [YES][no]: Yes
Enable 802.11a Network [YES][no]: no
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
Configuration saved!
Resetting system with new configuration...

After the initial configuration is done using the startup wizard, the WLC saves the configuration and resets itself.

Another way to access the system is through the controller web interface. With it, you can use your browser to access the system, view configuration details, and modify your system configuration. The first thing you must do is establish a secure connection between your browser and the WLAN controller.

After you log in, the monitor summary screen appears, including information about connected APs. You may notice at first that you do not have an AP. The AP requires an IP address via DHCP. The AP will need Layer 3 LWAPP communication to the controller and for any wireless clients.

Now we are going to configure the internal DHCP server. Click on Controller, then Internal DHCP Server on the left side; click New in the top right, then enter a scope name.

The WLC is designed to act as a DHCP relay agent to the external DHCP server and acts like a DHCP server to the client. This is the sequence of events that occurs:

1. Generally, WLAN is tied to an interface which is configured with a DHCP server.
2. When the WLC receives a DHCP request from the client on a WLAN, it relays the request to the DHCP server with its management IP address.
3. The WLC shows its Virtual IP address, which must be a non-routable address, usually configured as 1.1.1.1, as the DHCP server to the client.
4. The WLC forwards the DHCP reply from the DHCP server to the wireless client with its Virtual IP address.

The DHCP server of the wireless controller can service only directly attached Layer 3 LWAPP APs and their associated wireless clients. We return to the monitor summary screen: still no AP there. The LAPs take a few minutes to load their IP address, operating system, and configuration from the WLC (hence the term “lightweight AP”), and the screen automatically refreshes every 30 seconds. Wait until the AP appears before proceeding. You will also notice that the 802.11a radio appears but remains down, since you did not initially enable the radio in the CLI configuration.

Configuring Security Using WiFi Protected Access-Pre-Shared Key (WPA-PSK)

In the past, security on WLANs was not a major concern. This lack of concern was, in large part, because WLANs were restrictive. We all know that WEP key encryption is not secure; therefore, the majority of new clients support WPA-PSK. Let's see how to configure the AP to operate with WPA-PSK enabled clients, using the WLC GUI in a web browser.

WEP key encryption is not secure enough, and WPA-PSK is the first step to improve wireless security. The next step is to enhance security by using server-based authentication. Cisco WLCs support a wide range of different client-to-server authentication types. LEAP provides some unique capabilities that may be difficult to duplicate with other authentication schemes. A few of them are as follows:

* Fast, secure roaming with Cisco clients or Cisco-compatible clients
* A broad range of operating systems and devices, including Macintosh, Linux, and DOS
* Single login to a Microsoft Active Directory (AD) or Windows NT domain using Microsoft credentials


ATM

ATM PVC configuration requires you to enter a map for the remote end. A map statement must be entered before you can even ping your own atm interface.

Router#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#line con 0
R1(config-line)#logg syn
R1(config-line)#exec-time 0 0
R1(config-line)#exit
R1(config)#no ip domain loo
R1(config)#int a1/0
R1(config-if)#ip add 10.1.12.1 255.255.255.0
R1(config-if)#pvc 1/102
R1(config-if-atm-vc)#protocol ip 10.1.12.2 br
 

Do not forget the broadcast parameter for routing protocols and/or multicast traffic. To be able to ping your own interface:

R1(config-if-atm-vc)#protocol ip 10.1.12.1
R1(config-if-atm-vc)#encap ?
aal5mux    AAL5+MUX Encapsulation
aal5nlpid  AAL5+NLPID Encapsulation
aal5snap   AAL5+LLC/SNAP Encapsulation
 

AAL5Mux can only run one protocol while AAL5Snap can run multiple protocols.

R1(config-if-atm-vc)#encap aal5mux    ?
fr-atm-srv   Frame Relay/ATM service interworking
frame-relay  Frame Relay/ATM network interworking
ip           IP
voice        Voice over ATM
 
R1(config-if-atm-vc)#encap aal5nlpid ?

R1(config-if-atm-vc)#encap aal5snap
R1(config-if-atm-vc)#
 

Cisco Documentation:

aal5mux: AAL and encapsulation type for multiplex (MUX)-type VCs. A protocol must be specified when using this encapsulation type.

•appletalk—AppleTalk protocol.

•decnet—DECnet protocol.

•frame-relay—Frame Relay-ATM Network Interworking (FRF.5) on the Cisco MC3810.

•fr-atm-srv—Frame Relay-ATM Service Interworking (FRF.8) on the Cisco MC3810.

•ip—IP protocol.

•ipx—IPX protocol.

•ppp virtual-template number—Internet Engineering Task Force (IETF)-compliant PPP over ATM. Use the virtual-template number options to identify the virtual template. Supported on ATM PVCs only.

•voice—Voice over ATM.

aal5nlpid: AAL and encapsulation type that allows ATM interfaces to interoperate with High-Speed Serial Interfaces (HSSIs) that are using an ATM data service unit (ADSU) and running ATM-Data Exchange Interface (DXI). Supported on ATM PVCs only.

aal5snap: AAL and encapsulation type that supports Inverse ARP. Logical Link Control/Subnetwork Access Protocol (LLC/SNAP) precedes the protocol datagra

Final Configuration:

R1(config-if)#do show run int a1/0
Building configuration...

Current configuration : 181 bytes
!
interface ATM1/0
 ip address 10.1.12.1 255.255.255.0
 no atm ilmi-keepalive
 pvc 1/102
 protocol ip 10.1.12.1
 protocol ip 10.1.12.2 broadcast
 encapsulation aal5snap
 !
end
 

On R2, this is the configuration:

Router#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R2
R2(config)#line con 0
R2(config-line)#logg syn
R2(config-line)#exec-time 0 0
R2(config-line)#exit
R2(config)#no ip domain loo
R2(config)#int lo0
R2(config-if)#ip add 150.2.2.
*Oct 13 12:28:02.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
 changed state to up
R2(config-if)#ip add 150.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#int a1/0
R2(config-if)#ip add 10.1.12.2 255.255.255.0
R2(config-if)#pvc 1/201
R2(config-if-atm-vc)#protoco ip 10.1.12.1 b
R2(config-if-atm-vc)#protoco ip 10.1.12.2
R2(config-if-atm-vc)#encap aal5snap
R2(config-if-atm-vc)#exit
R2(config-if)#no sh
R2(config-if)#do show run int a1/0
Building configuration...

Current configuration : 181 bytes
!
interface ATM1/0
 ip address 10.1.12.2 255.255.255.0
 no atm ilmi-keepalive
 pvc 1/201
 protocol ip 10.1.12.1 broadcast
 protocol ip 10.1.12.2
 encapsulation aal5snap
 !
end
R1#ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/86/168 ms

Ping to the remote device

R1#ping 10.1.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/72/164 ms
R1#


The BGP MED – Deterministic vs Always-compare. tin tin !!!

For a Summary of this great protocol please check out this link: BGP Summary

Main Cisco Document Link about the topic in this post.

 

the topology used:

 Note: When BGP receives multiple routes to a particular destination, it lists them in the reverse order that they were received, from the newest to the oldest. BGP then compares the routes in pairs, starting with the newest entry and moving toward the oldest entry (starting at top of the list and moving down). For example, entry1 and entry2 are compared. The better of these two is then compared to entry3, and so on.

We can see that to reach the 3.3.3.3 network, R1 chooses R3 as the best path, because Step 7 of the BGP algorithm process (eBGP over iBGP) wins here, without any MED value being compared.

the show

 

We can test this decision process by turning down the peering relationship between R1 and R3.

We can see that we now prefer the path towards R2 because of its lower MED value. Next, in R2 we change the metric to something higher than R4’s metric announced to R1 (say 200) and have that route announced from R2 to R1.

R1 now prefers the path over R4 because of a better (lower) MED value. Let's change the MED again to 100 in R2 for the BGP peering relationship between R4 and R2. Now R1 prefers the path over R2 to reach the 3.3.3.3/32 network, because we are comparing the MED values in the same group (AS 4,3).

We can see that R1 prefers R2 to reach the network, so this is very OK, routers are talking here 🙂

Now let's enable the relationship with R3 again and proceed to test Example 2.

Here we now have 3 entries, and 1 of the entries arrives from a different autonomous system number. We do not compare the MED value by default in this case. Entry 1 is the best path because of the administrative distance (external [20] vs internal [200]), so we stop at step 7 of the decision process, and step 6 is not analyzed. This step indicates that the comparison only occurs if the first (the neighboring) AS is the same in the two paths. Any confederation sub-ASs are ignored.

Example 2: bgp deterministic-med Disabled, bgp always-compare-med Enabled

 Entry1 is compared to entry2. These entries are from different neighbor autonomous systems, but since the bgp always-compare-med command is enabled, MED is used in the comparison. Of these two entries, entry1 is better because it has a lower MED. Next, entry1 is compared to entry3. The MED is checked again because the entries are now from the same autonomous system. Entry3 is chosen as the best path.

entry1: AS(PATH) 500, med 150, external, rid 172.16.13.1
entry2: AS(PATH) 100, med 200, external, rid 1.1.1.1
entry3: AS(PATH) 500, med 100, internal, rid 172.16.8.4

  

From this output we determine that Entry 1 is received from 2.2.2.2 with AS 4,3; Entry 2 is received from 4.4.4.4 with AS 4,3; and Entry 3 comes from 3.3.3.3 with AS 3,3.

Entry 1 is evaluated against Entry 2. Since both entries carry the same AS information, step 6 of the decision process is performed, and the best path is Entry 1 because it has the lowest MED and wins over the MED carried in Entry 2. Now Entry 1 is compared with Entry 3, and Entry 1 (lowest MED) is the winner of the election process because of the always-compare-med configuration done in the BGP process. This is testable against the outputs from before enabling always-compare-med. So we are relaxing a little the rule of step 6 (this comparison only occurs if the first, neighboring, AS is the same in the two paths): instead of not comparing the MED value of routes received from different ASs, with this command we can now compare the entries by MED value even if the entries are not from the same AS.

Example 3: bgp deterministic-med Enabled, bgp always-compare-med Disabled

When the bgp deterministic-med command is enabled, routes from the same autonomous system are grouped together, and the best entries of each group are compared. The BGP table looks like this:

entry1: AS(PATH) 100, med 200, external, rid 1.1.1.1
entry2: AS(PATH) 500, med 100, internal, rid 172.16.8.4
entry3: AS(PATH) 500, med 150, external, rid 172.16.13.1

There is a group for AS 100 and a group for AS 500. The best entries for each group are compared. Entry1 is the best of its group because it is the only route from AS 100. Entry2 is the best for AS 500 because it has the lowest MED. Next, entry1 is compared to entry2. Since the two entries are not from the same neighbor autonomous system, the MED is not considered in the comparison. The external BGP route wins over the internal BGP route, making entry1 the best route.

 

Group 1: Entry 1 = 3,3 from 3.3.3.3

Group 2: Entry 2 = 4,3 from 2.2.2.2  vs Entry 3 = 4,3 from 4.4.4.4  

Entry 1 is the only one in its group, so there are no other entries in that group to compare, and it is the winner by forfeit. Group 2 is evaluated next, and here we have 2 entries: Entry 2 and Entry 3 are compared, and Entry 2 wins because of a better MED value (lowest metric, again step 6). Now the winners of each group are compared: Entry 1 from Group 1 is compared with the winner of Group 2 (Entry 2), and Entry 1 wins because of step 7, since we are not using always-compare-med in the BGP routing process, so step 6 is not checked here. The winners of each group are compared, and the overall winner then depends on step 6 (if always-compare-med is enabled) or step 7 (if this command is not enabled). This reminds me of those football charts 🙂

Example 4: Both Commands Enabled

Now if we enable always-compare-med and deterministic-med, entry 2 of group #2 wins against entry 1 of group #1 because of a lower MED value.

Enabling the bgp deterministic-med command ensures the comparison of the MED variable when choosing routes advertised by different peers in the same autonomous system. Enabling the bgp always-compare-med command ensures the comparison of the MED for paths from neighbors in different autonomous systems. The bgp always-compare-med command is useful when multiple service providers or enterprises agree on a uniform policy for setting MED.
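The four combinations of the two commands can be replayed on the three entries listed under Example 2. The following is an added example, not part of the original post or of Cisco's documentation: it models only step 6 (MED), step 7 (eBGP over iBGP) and a lowest-router-ID tie-break, assumes every earlier attribute is equal, and uses constructed labels for the paths.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Path:
    label: str         # constructed label for readability, not IOS output
    neighbor_as: int   # first (neighboring) AS in the AS path
    med: int
    external: bool     # True = eBGP-learned, False = iBGP-learned
    router_id: str


def better(a, b, always_compare_med):
    """Preferred path of two, using steps 6 and 7 and a router-ID tie-break."""
    # Step 6: MED is compared only when both paths come from the same
    # neighboring AS, unless bgp always-compare-med lifts that restriction.
    same_as = a.neighbor_as == b.neighbor_as
    if (always_compare_med or same_as) and a.med != b.med:
        return a if a.med < b.med else b
    # Step 7: an eBGP path beats an iBGP path.
    if a.external != b.external:
        return a if a.external else b
    # Simplified tie-break (assumption): lowest router ID wins.
    return a if IPv4Address(a.router_id) <= IPv4Address(b.router_id) else b


def pairwise(paths, always_compare_med):
    """Compare entry1 with entry2, the winner with entry3, and so on."""
    best = paths[0]
    for candidate in paths[1:]:
        best = better(best, candidate, always_compare_med)
    return best


def best_path(paths, deterministic_med=False, always_compare_med=False):
    if not deterministic_med:
        return pairwise(paths, always_compare_med)
    # bgp deterministic-med: group by neighboring AS, pick each group's
    # best entry first, then compare the group winners.
    groups = {}
    for path in paths:
        groups.setdefault(path.neighbor_as, []).append(path)
    winners = [pairwise(g, always_compare_med) for g in groups.values()]
    return pairwise(winners, always_compare_med)


# The three entries from Example 2, newest first.
TABLE = [
    Path("AS500 external med150", 500, 150, True, "172.16.13.1"),
    Path("AS100 external med200", 100, 200, True, "1.1.1.1"),
    Path("AS500 internal med100", 500, 100, False, "172.16.8.4"),
]

if __name__ == "__main__":
    for det in (False, True):
        for always in (False, True):
            winner = best_path(TABLE, det, always)
            print(f"deterministic-med={det!s:5} "
                  f"always-compare-med={always!s:5} -> {winner.label}")
```

With always-compare-med disabled the AS 100 external route wins in both cases; enabling it hands the result to the AS 500 internal route with MED 100.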

HYEI

Victor Cappuccio.-  


keys in my keychain :)

R4(config)#service password-encryption
R4(config)#username victor pass cappuccio
R4(config)#do show run | in username
username victor password 7 121A0407021E0F072324
R4(config)#!Huu so you are looking for something
R4(config)#!like
R4(config)#!http://bosondownload.com/utils/bos_getpass.exe
R4(config)#!or
R4(config)#key chain HOWCOOL
R4(config-keychain)#key 1
R4(config-keychain-key)#key-str 7 121A0407021E0F072324
R4(config-keychain-key)#do show key chain
Key-chain HOWCOOL:
key 1 -- text "cappuccio"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
R4(config-keychain-key)#

🙂

Thanks Brian Dennis (Internetwork Expert Author and Owner) for this Tip
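The session above shows the router itself turning a `service password-encryption` type 7 string back into text through a key chain, so type 7 values in a saved configuration should be treated like cleartext. A check that flags type 7 and cleartext `password` / `key-string` lines follows, as an added example that is not part of the original post; the sample configuration is constructed, apart from the two type 7 lines taken from the session.

```python
import re

# IOS lines that store a secret with the "password" or "key-string" keyword.
# Group "type" is the optional encoding digit that "show run" prints.
SECRET_LINE = re.compile(
    r"^\s*(?P<kw>(?:username \S+ (?:privilege \d+ )?|enable )?password|key-string)"
    r"(?: (?P<type>\d))? (?P<value>\S+)\s*$"
)


def classify(enc_type):
    """Map the encoding digit to a finding, or None when not judged here."""
    if enc_type == "7":
        return "type 7 (reversible obfuscation)"
    if enc_type in (None, "0"):
        return "cleartext"
    return None


def audit(config_text):
    """Return (line number, finding, redacted line) for weakly stored secrets."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = SECRET_LINE.match(line)
        if not match:
            continue
        verdict = classify(match.group("type"))
        if verdict:
            # Never echo the stored value into the report.
            redacted = line[: match.start("value")].strip() + " <redacted>"
            findings.append((number, verdict, redacted))
    return findings


# Constructed sample configuration (lines 2 and 7 reuse the post's string).
SAMPLE = """\
service password-encryption
username victor password 7 121A0407021E0F072324
username ops secret 9 $9$constructedExampleOnly
enable password letmein
key chain HOWCOOL
 key 1
  key-string 7 121A0407021E0F072324
line vty 0 4
 password cisco
"""

if __name__ == "__main__":
    for number, verdict, redacted in audit(SAMPLE):
        print(f"line {number}: {verdict}: {redacted}")
```

Lines using the `secret` keyword are not matched, so the report lists only entries that need to be replaced or rotated.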