Category: Cisco

Categories
Cisco Microsoft Windows

Windows 10 USB-to-Serial adapter Woes…

About 2 months ago, I had to go to a new customer site that was down and diagnose a problem.  Easy, I’ve done this a thousand times over the past 15 years…  Device not recognized. My USB-to-Serial adapter (no name brand off of Amazon) wasn’t working.  Code 10 Error.

I’m documenting this because, as infrequently as I actually use a console cable anymore, I tend to forget how to fix the issue when it arises.  2018 has been a funny year for Microsoft patching.  Seems to be a crap shoot of what will break once you apply new patches.  Windows 10 patches haven’t been immune to this.

Here’s how I fixed it.

  1. Download the PL2303_64bit_Installer.exe
  2. Unplug the USB-to-Serial Adapter
  3. Open up the previously downloaded exe.
  4. When prompted, plug in the USB-to-Serial Adapter
  5. Reboot

Now magically, you’ll have an adapter that provides a console port.

Some additional troubleshooting:  Apparently there is more than one version of the adapter on my computer but the one that works is 3.3.2.102 from 9/24/2008.

Hope this helps.

Categories
Cisco Microsoft Uncategorized Windows

Troubleshooting Network Performance Issues

This won’t be a tutorial, however, the purpose of this post is to highlight some common TCP/IP issues that degrade network performance.

Network Congestion – If your firewall/router graphs your network usage, use that or obtain your current throughput (up/down) to your ISP. Use the current usage and then run a few speed tests in order to determine if your hardware is capable of hitting your maximum download/upload speeds you currently pay for. So if you have a 100 meg fiber circuit and your firewall is showing you are currently using about 60 megs at any given time, you should be able to get somewhere close to 40 megs on a download test from speedtest.net. If not, either your provider is not giving you the bandwidth you are paying for or you have a hardware issue. If you have SNMP capable devices, a really simple tool is STG

Maximum Segment Size (MSS) – I’ve run into this issue a number of time, mostly when dealing with GRE/DMVPN tunnels. It’s usually fixed on Cisco routers by issuing ip tcp mss 1400. You can read more here: TCP MSS Adjustment

High TCP Retransmissions – This one you’ll probably have to take out Wireshark and start a packet capture from the device that is having issues in your network or use a network tap or even a span port on a switch. If TCP retransmissions are high, you have a problem somewhere in your network. Most commonly on wireless.

TCP Window Scaling – I’ve seen this most commonly on modern firewalls that use Deep Packet Inspection (DPI). Please read more here.

Slow DNS Responses – in most enterprise environments, PC’s will have a local DNS server to query from which would cut down on this problem, however if the server were having CPU/Memory/Disk issues, it can still happen. Likewise, if you do not have a local DNS resolver, and use a remote DNS server, this can also be a problem. I’ve used a tool from Google in the past to help troubleshoot and to point me to the best DNS server based on my network/location called Namebench.

Path MTU Discovery (PMTUD) – This is where the “secure by default” methodology of most firewall’s today may kick you in the butt. By disabling ICMP, you also disable Path MTU Discovery. It’s a simple fix but Cisco has the best explanation I’ve been able to find on it. You can read that here. Then someone felt very strongly about the subject and created a website dedicated to it here.

Routing Issues – In this case it would be poorly configured asymmetrical routing. Traffic goes out on a nice 100 meg connection but comes back to you on your backup 20 meg connection, likely due to a BGP configuration problem.

TCP Offload – Depending on how your servers are configured, this could be a blessing or a curse. I’ve most commonly had a problem with this on virtualized servers where the host/virtual NIC weren’t on the same page. Disabling it helped.

SMB 3.0 Multichannel – Read here for details on it, but simply put, add more network interfaces to your file server and you’ll have better performance.

I have re-created the wheel here somewhat but if you want a single source for some good information on most of these issues, please visit this site.

Also, learn Wireshark. It will become your best friend.

Categories
blog Cisco

Cisco – tcp-small-servers and udp-small-servers

For some truly unknown reason, Cisco’s devices still have support for “small servers” or “simple services”. Examples of these include echo, chargen, daytime and discard.  An attacker could possibly start a denial of service attack (DoS) against one or more network devices with those configured.  In this case; echo and chargen are to blame by allowing an attacker to cause  the chargen service to hit the echo services causing an endless loop of character generation and echo between the two hosts.  To disable this, simply enter the following commands:

configure terminal
no service tcp-small-servers
no service udp-small-servers

These commands can be run on nearly all IOS based Cisco equipment.

Categories
blog Cisco

Cisco Switching – switchport nonegotiate

Dynamic Trunking Protocol (DTP) is a standard feature of Cisco switches and allows two switches to dynamically configure interfaces interconnecting each other to be trunked ports.  DTP has 5 modes; Auto (default), On, Off, desirable and nonegotiate.  These 5 modes all have a purpose.  I have layed out the groundwork below:

  • auto – The default setting allows the port to willingly convert to trunking, however, the port will not trunk unless the neighbor is set to on or desirable.  When two switches are connected together and set for auto, they will NOT trunk.
  • on – This setting forces the port to be a trunk regardless of the neighbor’s settings.
  • off – This setting forces the port to not trunk, even if the neighbor is set to on.
  • desirable – This causes the port to attempt to become a trunk, however, the neighbor would have to be set to on, desirable or auto.
  • nonegotiate – This setting, forces the port to be a trunk but disables DTP frames between the two switches.  This is useful when you are working with non-Cisco equipment and just want to ensure that the ports won’t do anything you do not want them to….this is my preference.

To configure this on your switches, issue the following:


configure terminal
interface g1/0/49
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate

Hopefully this was somewhat worthwhile.  It is very basic so I apologize but this is the easiest way to give you the needed information without boring you to death 🙂

Categories
blog Cisco

Cisco Command Reference

I was working on a client’s network tonight and thought of about 10k topics to blog about.  All the commands on Cisco routers and switches.  The purpose of this would be to help remind me that the basics are not good enought and also expand your mind on what a command does, how to use it and possibly when to implement it.  If at any point I’m completely off my rocker, you know what to do 🙂