Saturday, January 14, 2017

HTTP Status 404 - /ccmadmin/showHome.do


If you are working with CUCM and you see this error after a restart/boot:

type: Status report
message: /ccmadmin/showHome.do
description: The requested resource is not available.


Most probably it just means that the server is not fast enough; just wait a little longer. Cisco Tomcat probably starts up much faster than the other services, so it fails to proxy properly.

Tuesday, March 3, 2015

Apache 2.2 mod-authnz-external UNIX user auth howto with pwauth


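This howto is for Debian Linux and Apache version 2.2. Directories and installation types may differ on other distributions. Because Basic authentication sends the UNIX password with every request, serve the protected directory over HTTPS only.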

1. Install the Apache module (it will also install pwauth as a dependency):

apt-get install libapache2-mod-authnz-external

2. Enable the apache2 module:

a2enmod authnz_external

3. Check if the module is loaded:

apache2ctl -M | grep  authnz_external

You should see:

 authnz_external_module (shared)

4. Set up vhost:

4.1: In the selected directory:
 
AuthType Basic
AuthName Your-Site-Name
AuthBasicProvider external
AuthExternal pwauth
require valid-user


4.2: In the beginning of the vhost file:

AddExternalAuth pwauth /usr/sbin/pwauth
SetExternalAuthMethod pwauth pipe


Possible problems:

Invalid AuthExternal keyword (pwauth)

Either pwauth is not installed or your pwauth is not in the /usr/sbin directory. Search for it!


 Action 'configtest' failed.
The Apache error log may have more information.
 failed!


You have misspelled a directive in the configuration file; check it!
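To separate Apache configuration problems from authenticator problems, the helper below (an added example, not part of the original howto) feeds a login to an authenticator the same way the `pipe` method does and decodes the exit status using the codes from pwauth's documentation. The function names `pwauth_status` and `pipe_auth` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. pwauth_status and pipe_auth are
# hypothetical helper names.

# Explain an exit status using the codes listed in pwauth's documentation.
pwauth_status() {
    case "$1" in
        0)  echo "0 STATUS_OK: login accepted" ;;
        1)  echo "1 STATUS_UNKNOWN: unknown login or wrong password" ;;
        2)  echo "2 STATUS_INVALID: wrong password" ;;
        3)  echo "3 STATUS_BLOCKED: uid is below pwauth's minimum uid" ;;
        4)  echo "4 STATUS_EXPIRED: account has expired" ;;
        5)  echo "5 STATUS_PW_EXPIRED: password has expired" ;;
        6)  echo "6 STATUS_NOLOGIN: logins are turned off on this system" ;;
        7)  echo "7 STATUS_MANYFAILS: too many failed logins" ;;
        50) echo "50 STATUS_INT_USER: caller uid is not allowed to run pwauth" ;;
        51) echo "51 STATUS_INT_ARGS: no login and password were supplied" ;;
        52) echo "52 STATUS_INT_ERR: internal error" ;;
        53) echo "53 STATUS_INT_NOROOT: cannot read the password database" ;;
        *)  echo "$1 unrecognised status" ;;
    esac
}

# pipe_auth AUTHENTICATOR USER
# Reads the password from stdin (so it never appears in argv or `ps`), then
# feeds "user\npassword\n" to the authenticator exactly as the pipe method does.
pipe_auth() {
    auth=$1 user=$2 rc=0
    if ! command -v "$auth" >/dev/null 2>&1; then
        echo "authenticator not found or not executable: $auth"
        return 127
    fi
    IFS= read -r pass || true
    printf '%s\n%s\n' "$user" "$pass" | "$auth" || rc=$?
    pwauth_status "$rc"
    return "$rc"
}

# Usage (as the web server user, since pwauth checks the caller's uid):
#   printf '%s\n' "$password" | pipe_auth /usr/sbin/pwauth alice
```

A status of 50 or 53 points at how pwauth is installed or invoked rather than at the vhost directives.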

Wednesday, February 11, 2015

Cisco IOU with web interface

What is IOU? IOU stands for IOS on Unix: special versions of IOS that can be run as x86 services. These IOS versions are very lightweight; they need less memory and CPU than GNS3 (or dynamips).

I had some problems during the installation of Cisco IOU, so I will show you how to do that easily. We will use IOU with a web interface (iou-web).

1. First of all, you will need a 32-bit version of Debian (or Ubuntu, Gentoo, or any other Linux). If it is a 32-bit system, your life will be better, trust me.

2. Then download the iou-web interface files from here. Download the latest .deb file and install it:

sudo dpkg -i <iou-web_version>

If it needs some dependencies, type:

sudo apt-get install -f
sudo dpkg -i <iou-web_version>


If everything is OK, the iou-web files are installed in /opt/iou.

So now you have the web interface working. Let's install IOU! (For the IOU files, please use Google!)

3. Install the 'libcrypto' library:

sudo apt-get install libssl1.0.0
sudo apt-get install libssl0.9.8


4. You will need libcrypto.so.4, but it is not installable, so hack around it a little by creating a symlink:

sudo ln -s /lib/libcrypto.so.1.0.1e /usr/lib/libcrypto.so.4

5. You will need to install the license; you will find some information in the downloads.

6. Navigate to the web interface in your browser and choose the 'Manage' menu, then 'manage IOSes'. Here you can upload the .bin files. After uploading them, you can create your own lab in the 'Laboratories' menu with the 'Add new lab' button.

References:

http://www.routereflector.com/cisco/cisco-iou-web-interface/
http://ciscoiseasy.blogspot.hu/2014/07/iou-forbidden-fruit.html



Wednesday, November 26, 2014

Debug Cisco Tunnels: GRE


We will debug the GRE tunnels that were set up in the previous post. There are two routers, with basic interface configuration on the Serial1/0 ports and a Tunnel interface on each router.

R1#debug tunnel

When everything is good:

R1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/21/36 ms
R1#
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE decapsulated IP packet (linktype=7, len=100)
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP
R1# (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE decapsulated IP packet (linktype=7, len=100)
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE decapsulated IP packet (linktype=7, len=100)
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)

R1#Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE decapsulated IP packet (linktype=7, len=100)
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE decapsulated IP packet (linktype=7, len=100)

What we see here:

We sent 5 packets to R2, R1 encapsulated 5 packets, and decapsulated 5 packets. Obviously, the decapsulated packets are the reply packets from R2.


Wrong tunnel destination

With the debug tunnel command enabled, we see the following after the configuration change:

R1(config-if)#tunnel destination 200.0.0.3
FIBtunnel: Tu0: cli request terminated early: no
FIBtunnel: Tu0: cli request generated fib update: IPv4 punt change no, IPv6 punt change no, mode change no
FIBtunnel: Tu0: GRE/IP (0) punt ipv4: no (lc no), ipv6 no (lc no) [BEFORE]
FIBtunnel: Tu0: GRE/IP (0) punt ipv4: no (lc no), ipv6 no (lc no) [AFTER]
FIBtunnel: Tu0: stacking IP 0.0.0.0 to Default:200.0.0.3


R1#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes.
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes.
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes.
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes.
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes.
Success rate is 0 percent (0/5)

Packets are encapsulated and sent, but there is no response from the other side.
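The same reading of the debug output can be automated. The filter below is an added example, not part of the original post: it counts encapsulated packets per tunnel destination and decapsulated packets per sending peer, and flags a destination that never answers. The names `gre_debug_summary` and `sample_debug_log` are hypothetical, and the sample combines lines excerpted from the two captures above.

```sh
#!/bin/sh
# Added example, not from the original post. gre_debug_summary and
# sample_debug_log are hypothetical names.

# Reads "debug tunnel" output on stdin and prints one line per tunnel
# destination: "<peer> tx=<encapsulated> rx=<decapsulated from peer> <verdict>".
gre_debug_summary() {
    awk '
    # Transmit: "GRE/IP encapsulated SRC->DST" counts against DST.
    match($0, /GRE\/IP encapsulated [0-9.]+->[0-9.]+/) {
        split(substr($0, RSTART, RLENGTH), f, "->")
        tx[f[2]]++
    }
    # Receive: "to decaps SRC->DST" counts against SRC. Matched anywhere in
    # the line because the CLI prompt can land in the middle of a message.
    match($0, /to decaps [0-9.]+->[0-9.]+/) {
        split(substr($0, RSTART + 10, RLENGTH - 10), f, "->")
        rx[f[1]]++
    }
    END {
        for (p in tx)
            printf "%s tx=%d rx=%d %s\n", p, tx[p], rx[p],
                   (rx[p] > 0 ? "two-way" : "ONE-WAY: no GRE coming back")
    }' | sort
}

# Lines excerpted from the two captures in the post, combined into one sample.
sample_debug_log() {
    cat <<'EOF'
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0: GRE/IP to classify 200.0.0.2->200.0.0.1 (tbl=0,"Default" len=124 ttl=254 tos=0x0)
Tunnel0: GRE/IP (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE decapsulated IP packet (linktype=7, len=100)
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.2 (linktype=7, len=124)
Tunnel0: GRE/IP
R1# (PS) to decaps 200.0.0.2->200.0.0.1 (tbl=0,"default" len=124 ttl=254)
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
Tunnel0 count tx, adding 0 encap bytes.
Tunnel0: GRE/IP encapsulated 200.0.0.1->200.0.0.3 (linktype=7, len=124)
EOF
}

sample_debug_log | gre_debug_summary
```

A ONE-WAY verdict only says that no GRE packets from that address were decapsulated during the capture; the cause (wrong destination, filtering, peer down) still has to be checked on the path and on the far router.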