Splitting a CSV file

I was a little reluctant to push out a change that would affect nearly 600 Access Points, so I wanted to do it in batches of 100. As the method of input was CSV, I needed to break this up.

The split command from GNU coreutils was the perfect solution for my needs.

split -l 100 list.csv --additional-suffix=.csv output/test -d

That command produces the following files, each with 100 lines of data, and places them inside the directory named output.


Without the --additional-suffix and -d options the files would not have the extension I was looking for, and they would have been ordered alphabetically instead of numerically.

A review of 2019

2019 was a roller coaster of a year when it came to examinations. Having passed the CCNA Wireless and Security exams on my first attempt I then went on to fail the CCNP SWITCH twice! Due to time constraints and having read other people’s experiences with the CCNP track I’ve decided I will no longer be pursuing it. Instead I will now concentrate on the new exams launching in February 2020, starting with ENCOR.

Of the Cisco exams I’ve sat so far, the CCNP Switch exam felt like an extreme exercise in memorising esoteric trivia. There aren’t many topics in this exam but they each require a deep amount of knowledge. With hindsight I would have approached this exam like I did the CCNA Security and used material from a level above, i.e. CCIE.  I wrongly assumed at the CCNP level things would be different but they aren’t, they’re still looking to trip you up with ambiguity. That said, even though I failed this exam I did learn a lot. So it wasn’t a complete waste.

To the future. At the moment the certifications that interest me the most are the following:

I’m currently taking a deep dive into packet analysis. This is a topic that’s been in the periphery for some time but recently a situation in work was the proverbial straw that broke the camel’s back and it sent me down a YouTube rabbit hole. On that journey I discovered the hilariously insightful channel Packet Bomb by Kary Rogers. I ended up purchasing his fundamentals course which is excellent. I’m now working my way through Laura Chappell’s “Troubleshooting with Wireshark”, and I’ve also got Wireshark Fundamentals by Jerome Henry / James Garringer queued up on O’Reilly.com. (You can get a year subscription for $99 via ACM.org!) Sprinkle a ton of videos from past SharkFest events along with Practical Analysis by Chris Sanders and that’s going to keep me busy. Ultimately the goal of this endeavour is being able to diagnose and troubleshoot issues more efficiently.




Next goal: CCNP Routing and Switching

I’ve decided to pursue the CCNP R&S certification with the goal of achieving it before the end of 2019 (I have until February 2020 to get it done before the big refresh!). Based on my current position, this path is the next logical progression. Ultimately I hope the pursuit of this is going to help me diagnose and troubleshoot issues with more efficiency. Recently I’ve recognised gaps in my knowledge that I hope the CCNP R&S will help fill. In preparation for this series of exams I currently have the following material:

  • CBT Nuggets CCNP Routing and Switching series
  • CBT Nuggets CCNP Hands-on lab series
  • CCNP Routing and Switching  Official Cert Guide Premium Edition eBook and Practice Test series
  • CCNP Routing and Switching Portable Command Guide, Second Edition
  • CCNP Routing and Switching series by Kevin Wallace

Certifications aside. I’ve recently been dipping in and out of the following books:

  • Computer Networking Problems and Solutions: An innovative approach to building resilient, modern networks
  • Network Warrior
  • Cisco Networks: Engineers’ Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA
  • Practical Packet Analysis 3rd edition


My path to the CCNA Security certification

Today I earned the infamous CCNA Security certification. It’s exactly a month later than planned but I’m happy I managed to pass it on the first try. From reading other people’s experiences I went into this exam expecting to see some curve balls and I did.

The biggest complaints I’ve heard from people who have sat this exam is that the official certification guide doesn’t adequately prepare you for it. Also, the blueprint isn’t really that helpful either, see this post in Cisco’s learning forum. Daniel, the author of that post gives his perspective on how he found it, it’s eye opening. With hindsight, I agree. Had I simply used the OCG on its own I would have failed this exam. Even with all the material I went through I wasn’t confident during the exam that I had passed.

Below is a list of all the materials that I used to prepare for this:

  • CCNA Security 210-260 Official Cert Guide Premium Edition and Practice Test, ISBN: 9780134077895
  • CCNA Security 210-260 Complete Video Course
    By Omar Santos, Aaron Woland, Mason Harris
  • 31 Days Before Your CCNA Security Exam (Digital Study Guide): A Day-By-Day Review Guide for the IINS 210-260 Certification Exam (eBook, videos, interactive exercises, quizzes)
  • CCNA Security (210-260) Portable Command Guide, 2nd Edition
    By Bob Vachon
  • Cisco CCNA Security 210-260 IINS (references 640-554 A LOT) with Keith Barker
  • Cisco CCNP Security Firewall (CBT Nuggets)
  • Cisco CCNP Security VPN 2.0 (CBT Nuggets)

I started off with the OCG guide and Keith Barker’s 210-260 + 640-554 video series. Then I binge-watched the ‘CCNA Security 210-260 Complete Video Course’ by Omar Santos, Aaron Woland, Mason Harris. All video series were a nice complement to the book. The latter might not be on most people’s radar but I highly recommend it.

For my virtual labs I used Keith Barker’s CCNP Security Firewall videos to get up to speed on ASDM, along with the 31 Days Before Your CCNA Security Exam and the Portable Command Guide. The digital version of the 31 Days Before Your Exam was surprisingly good. It has quite a bit of video content and a lot of quizzes throughout. Breaking it down into daily chunks and using it in combination with the Portable Command Guide was a nice combination.

Preparing for this exam was tough as some of the technology that you’re required to know about is simply no longer used in the real world, CCP and ACS being two of them. After installing CCP and briefly experimenting with it, I decided not to invest any more time on it and gambled that it wouldn’t show up on the exam. To practice AAA with TACACS+ I used an open source TACACS+ server. I followed this guide to accomplish that using Ubuntu 18.04 LTS. (Cisco’s ISE was not an option that was available to me).

The practice exams that come with the Premium OCG guide were definitely worth the investment and I would highly recommend them if you’re on the same path.

My thoughts on the exam can be summed up in a single word: meh. I didn’t enjoy it, it was a classic Cisco exam in my opinion. Lots of tricky questions that are worded with a lot of ambiguity. Exam aside I really did learn a lot that’s been directly applicable to my job, which is the most important thing.

[LAB] AAA concepts

Taken from the exam blueprint, the goals for this lab are the following:

2.2.b Configure administrative access on a Cisco router using TACACS+
2.2.c Verify connectivity on a Cisco router to a TACACS+ server

For this lab session I’ll be using:

Ubuntu 19.04 host (
Ubuntu 18.04 LTS server running tac_plus (
7200 series Router (


To set up the TACACS+ server I followed this guide by Keeran Marquis. His guide is for Ubuntu 14.04 LTS but I can confirm it worked fine for 18.04 LTS.

Below is the server configuration file. The first line sets where the accounting logs are stored. Next is the encryption key that’s used between the Router and the TACACS+ server; it has to be identical on both. Following that I’ve created two users, will and test. The will user is a member of the admin group. As TACACS+ implicitly denies all commands I’ve had to add the command ‘default service = permit’. Along with setting a privilege level of 15 this will give whoever is a member of the admin group access to do anything. The test user is a member of the read-only group. Even though whoever is in this group has a privilege level of 15, what they can do with it is very restricted.

After verifying that the TACACS+ server is operational and it’s able to reach the Router it’s time to configure the Router.

Router configuration

In the event that the TACACS+ server is unreachable I still need to be able to get onto the device. Below are two users that are set up locally on the Router.

After thoroughly testing local access, enable AAA globally with the following command:

R1(config)# aaa new-model

Configure the TACACS server settings:

R1(config)# tacacs server tacsrv
R1(config-server-tacacs)# address ipv4
R1(config-server-tacacs)# single-connection
R1(config-server-tacacs)# key testing123
R1(config-server-tacacs)# exit

* the single-connection command will maintain a single TCP connection for the duration of the session.

Configure the first part of AAA, Authentication.

R1(config)# aaa authentication login default group tacacs+ local-case
R1(config)# aaa authentication login NOAUTH none
R1(config)# aaa authentication login httpAUTH group tacacs+ local-case
R1(config)# line con 0
R1(config-line)# login authentication NOAUTH
R1(config-line)# exit
R1(config)# ip http authentication aaa login-authentication httpAUTH

The first three commands are defining 3 different method lists. The first one being default. The default list is automatically applied to all login attempts (console, vty, aux, and http sessions) unless explicitly stated. I’ve provided an example below. You can see the VTY lines have not been given a login authentication method list so the default is used.

If you’re connecting to the Router via its console port the authentication method list is NOAUTH which has a value of none, meaning no authentication required. The last method list is specifically for ip http. So say for example you were attempting to use CCP on port 80, the custom method list of httpAUTH would be requested in that instance.

In the event that the TACACS+ server isn’t reachable the fall-back option is local-case. That will use case-sensitive local access for authentication.

That’s authentication complete, next up authorisation. Before enabling authorisation ensure that you have a local user that has full access rights otherwise you’ll lock yourself out!

R1(config)# aaa authorization exec SRVEXEC group tacacs+ local
R1(config)# aaa authorization commands 15 SRVCMD group tacacs+ local
R1(config)# aaa authorization config-commands
R1(config)# line vty 0 1869
R1(config-line)# authorization exec SRVEXEC
R1(config-line)# authorization commands 15 SRVCMD

The above commands add authorisation for access to the EXEC shell (the CLI) and authorisation for access to privilege level 15 and global configuration commands. Both authorisation lists are then applied to the vty lines. Similarly to the authentication method lists if the TACACS+ server isn’t reachable it will fall back to the local database.

Finally onto accounting. AAA accounting offers the following services that can be kept track of:

  • system: tracks system-level events such as reloads.
  • network: tracks network-related service requests.
  • exec: tracks EXEC shell sessions.
  • commands: tracks all commands at the specified privilege level.

R1(config)# aaa accounting exec ACCEXEC start-stop group tacacs+
R1(config)# aaa accounting commands 15 ACCCMDS stop-only group tacacs+
R1(config)# line vty 0 1869
R1(config-line)# accounting exec ACCEXEC
R1(config-line)# accounting commands 15 ACCCMDS

The first command will send an accounting record at the start of an administrative access session to the device’s EXEC process, and another accounting record to be sent at the end of the session. A second command is added that causes an accounting record to be sent for every privilege level 15 command and every configuration mode command that is entered by the user. Both accounting lists are then applied to the vty lines.
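The records these two accounting lists generate can be summarised per user with a short script. This is an added example, not part of the original lab: the sample lines are constructed, the function names are illustrative, and the record layout (tab-separated timestamp, NAS, user, port, remote address, record type, then attribute=value pairs) is an assumption about how tac_plus writes its accounting file.

```python
from collections import defaultdict

# Constructed sample records (not the lab's real log). Assumed layout: one
# tab-separated line per record with timestamp, NAS, user, port, remote
# address, record type, then the attribute=value pairs the router sent.
SAMPLE_LOG = "\n".join([
    "Jun 14 10:02:11\t192.0.2.1\twill\ttty2\t192.0.2.50\tstart\ttask_id=21\tservice=shell",
    "Jun 14 10:02:40\t192.0.2.1\twill\ttty2\t192.0.2.50\tstop\ttask_id=22\tservice=shell\tpriv-lvl=15\tcmd=configure terminal <cr>",
    "Jun 14 10:02:52\t192.0.2.1\twill\ttty2\t192.0.2.50\tstop\ttask_id=23\tservice=shell\tpriv-lvl=15\tcmd=interface FastEthernet0/0 <cr>",
    "Jun 14 10:03:05\t192.0.2.1\twill\ttty2\t192.0.2.50\tstop\ttask_id=24\tservice=shell\tpriv-lvl=15\tcmd=description uplink <cr>",
    "Jun 14 10:03:46\t192.0.2.1\twill\ttty2\t192.0.2.50\tstop\ttask_id=21\tservice=shell\telapsed_time=95",
    "Jun 14 10:05:00\t192.0.2.1\ttest\ttty3\t192.0.2.51\tstart\ttask_id=25\tservice=shell",
    "Jun 14 10:05:09\t192.0.2.1\ttest\ttty3\t192.0.2.51\tstop\ttask_id=26\tservice=shell\tpriv-lvl=15\tcmd=show ip interface brief <cr>",
    "log rotated",  # not an accounting record: counted as malformed, not fatal
])


def parse_record(line):
    """Split one accounting line into fixed fields plus an attribute dict."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6 or fields[5] not in ("start", "stop", "update"):
        return None
    attrs = {}
    for pair in fields[6:]:
        key, sep, value = pair.partition("=")  # the value may itself contain '='
        if sep:
            attrs[key] = value
    return {"time": fields[0], "nas": fields[1], "user": fields[2],
            "port": fields[3], "remote": fields[4], "kind": fields[5],
            "attrs": attrs}


def summarise(log_text):
    """Return ({user: sessions/commands/open}, malformed_line_count)."""
    report = defaultdict(lambda: {"sessions": [], "commands": [], "open": 0})
    open_tasks = {}  # (nas, task_id) -> user, for EXEC sessions not yet stopped
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            malformed += 1
            continue
        user, attrs = rec["user"], rec["attrs"]
        task = (rec["nas"], attrs.get("task_id"))
        if "cmd" in attrs:
            # "accounting commands 15": one stop-only record per command
            cmd = attrs["cmd"].replace("<cr>", "").strip()
            report[user]["commands"].append((rec["time"], cmd))
        elif rec["kind"] == "start":
            # "accounting exec ... start-stop": the session has opened
            open_tasks[task] = user
        elif rec["kind"] == "stop":
            open_tasks.pop(task, None)
            report[user]["sessions"].append(int(attrs.get("elapsed_time", 0)))
    for user in open_tasks.values():
        report[user]["open"] += 1  # a start with no matching stop
    return dict(report), malformed


if __name__ == "__main__":
    summary, bad = summarise(SAMPLE_LOG)
    for user, data in summary.items():
        print(user, "sessions (s):", data["sessions"], "still open:", data["open"])
        for when, cmd in data["commands"]:
            print("   ", when, cmd)
    print("malformed lines:", bad)
```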

Testing and verification.

On the TACACS+ server I set up two users, will and test. Both are using the same password lab123 (the first is hashed using DES and the second is hashed and salted using MD5). Using the following commands we can test both:

R1#test aaa group tacacs+ will lab123 legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.

R1#test aaa group tacacs+ test lab123 legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.

Below is a screenshot highlighting the successful SSH connections using both will and test user accounts. It also shows the accounting log file that confirms the successful connection and disconnection from both users and how long they were connected for.

Here’s an example of the user test attempting to run some show commands that it’s not authorised to use:

Next I’m now logged in as an administrator that’s making changes. Here’s the output of the accounting log file showing changes that have been made:

For debugging purposes the following commands are very useful.

R1# debug aaa authentication
R1# debug aaa authorization
R1# debug aaa accounting
R1# debug tacacs


Having the ability to centrally manage users, limit access and also view any changes that have been made really highlights the benefits of having AAA. This was a fun lab to complete.


[LAB] Secure Copy


2.1.e Use SCP for file transfer.

For this lab session I’ll be using:

Ubuntu Desktop 19.04
Cisco 7200 series Router


Out of the box the 7200 series Router that I’m using doesn’t have any flash or disk space available, but you can add them. Under ‘Configuration’ >  ‘Memories and disks’ an option to add PCMCIA disks is available.

Here they are on boot-up:

Router config:

R1(config)# ip domain-name layerunknown.com
R1(config)# crypto key generate rsa general-keys modulus 2048
R1(config)# username admin privilege 15 secret cisco
R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authorization exec default local
R1(config)# ip scp server enable

Host machines are getting IP addresses via DHCP from the Router. The Router’s address is

Testing and verifying SSH.

You might be wondering why I’m specifying the cipher. If I don’t I’ll receive the following error:

Unable to negotiate with port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Let’s actually check the fingerprint. On the Router enter the following command:  show ip ssh

Copy from ssh-rsa to the end of the string and put it into a file. Remove any unnecessary white space and newlines and save the file, I saved it as test.pub.

Then execute the following command: ssh-keygen -lf test.pub

-f filename
Specifies the filename of the key file.

-l Show fingerprint of specified public key file. For RSA and DSA keys ssh-keygen tries to find the matching public key file and prints its fingerprint. If combined with -v, a visual ASCII art representation of the key is supplied with the fingerprint.

Comparing the output from that command to the RSA fingerprint we received when making the initial SSH connection we can see they match.
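What ssh-keygen -lf computes can be reproduced in a few lines of Python, which also shows why the stray whitespace and newlines from the terminal have to be removed before the fingerprints will match. This is an added example, not part of the original post: the key is a constructed sample built inside the code (not a real router key) and the function names are illustrative.

```python
import base64
import hashlib
import struct


def read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 'string') from a key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def normalise_pubkey(pasted):
    """Rebuild the base64 body from text copied out of a wrapped terminal.

    Assumes the paste holds only the key: 'ssh-rsa' followed by base64 that
    may be broken up by newlines and indentation.
    """
    tokens = pasted.split()
    if "ssh-rsa" not in tokens:
        raise ValueError("no ssh-rsa key found in input")
    return "".join(tokens[tokens.index("ssh-rsa") + 1:])


def fingerprint(pasted):
    """Return key size and fingerprints in the formats ssh-keygen -l prints."""
    blob = base64.b64decode(normalise_pubkey(pasted), validate=True)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("blob does not describe an ssh-rsa key")
    _exponent, off = read_field(blob, off)
    modulus, off = read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing data in key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "bits": int.from_bytes(modulus, "big").bit_length(),
        "sha256": "SHA256:" + sha,  # the default format in current OpenSSH
        "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }


def build_sample_key(bits=2048):
    """Constructed sample: bytes shaped like an RSA public key, not a real one."""
    filler = hashlib.sha512(b"constructed sample").digest() * (bits // 512)
    n = int.from_bytes(filler, "big") | (1 << (bits - 1)) | 1

    def field(data):
        return struct.pack(">I", len(data)) + data

    # The extra leading 0x00 byte on the modulus is the mpint sign byte.
    blob = (field(b"ssh-rsa") + field(b"\x01\x00\x01")
            + field(n.to_bytes(bits // 8 + 1, "big")))
    return base64.b64encode(blob).decode()


if __name__ == "__main__":
    body = build_sample_key()
    # The same key as it looks after copying from a terminal that wrapped it
    wrapped = "ssh-rsa " + "\n    ".join(
        body[i:i + 64] for i in range(0, len(body), 64))
    print(fingerprint(wrapped))
```

The fingerprint is a hash over the decoded key blob, so any character that changes the base64 changes the result; compare the full string, not just the first few characters.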

We’ve verified we’re connecting to the right device and that SSH is working. Let’s test that the PCMCIA disks work.

copy running-config disk0:

dir disk0:

Now for SCP.

I’ll first copy the running-config we just saved to disk0 from the router to my local machine. The following commands are being executed from the Ubuntu host.

scp -c aes256-cbc admin@ /home/admin/Desktop

This command is logging into the remote host at with the username admin then copying the file ‘running-config’ from disk0 and placing it onto my Desktop.

Then I’ll test the other direction by uploading test.pub from my local machine to disk0 on the router.

scp -c aes256-cbc ~/Desktop/test.pub admin@

See the results in the screenshot below:

Using the dir and more commands on the router we can verify this.

SCP lab complete.


GNS3 QEMU SPICE – Enabling copy and paste

The following needs to be added in the QEMU VM template (or node) additional settings/options:

-device virtio-serial -chardev spicevmc,id=vdagent,debug=0,name=vdagent -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 -chardev spiceport,name=org.spice-space.webdav.0,id=charchannel0 -device virtserialport,chardev=charchannel0,id=channel0,name=org.spice-space.webdav.0


** Adding “-usb -usbdevice tablet” will fix strange mouse behaviour on Windows guest machines.

*** To copy from a Windows guest to a Linux host install the spice-guest-tools for Windows from http://spice-space.org. Source.

Obtaining Cisco software directly from a Server

Recently I’ve been updating Cisco ASA FirePOWER modules and I ran into a situation where I was attempting to do this tethered to my phone. Pushing GBs of files over my weak 4G signal wasn’t going to cut it. I’m vaguely familiar with Wget having used it on the odd occasion over the years and simply searched for “wget cisco”. This awesome blog post by Nick Bettison provided the solution I was looking for. I’m posting this here simply for posterity.

Old method:
Cisco -> My local machine -> Server -> ASA

New method:
Cisco -> Server -> ASA

Instead of downloading images to my local machine then uploading it to a server and eventually the ASAs, I would skip the first step and obtain the Cisco software from my server instead. This is where Wget comes into play.

It’s a bit of a hacky solution but it works well. Go through the download process like you typically would; once you’ve initiated the download you can then obtain the download link. Nick recommends using Firefox for this as Chrome doesn’t seem to provide that information. On the Downloads page simply right click on whatever it is you’re downloading and select “copy download link”. From this point you can cancel the download then move onto your *nix box. (Unfortunately you can’t simply copy and paste a download link directly from Cisco as you have to agree to Cisco’s terms and conditions as a prerequisite to the download becoming available. Even then there’s no direct link, it just launches the download). On your *nix box execute the following command:

wget -O name-of-file.pkg "https://link-you-have-just-copied.cisco.com"

  • The double quotes are important!

I also stumbled upon another solution using curl:

curl -JLO "http://www.vim.org/scripts/download_script.php?src_id=9750"

-O uses the remote name, and -J forces the -O to get that name from the content-disposition header rather than the URL, and -L follows redirects if needed.

If anyone has a better suggestion please let me know.

My path to the CCNA Wireless certification

I recently earned the CCNA Wireless certification using the following materials:

  • David Hucaby’s CCNA Wireless 200-355 OCG deluxe edition
  • CWNA 5th edition study guide
  • Keith Barker’s CCNA Wireless path over on CBT Nuggets
  • Jerome Henry’s CCNA Wireless 200-355 video series
  • CCNA Wireless 200-355 WIFUND flash cards from neckercube.com
  • YouTube

I really enjoyed this certification path, both the official certification guide and the CWNA are great reads. The CWNA is an absolute unit of a book to get through and definitely requires another re-read; I’ve been using it as a reference tool for work, it’s that good. The reason I chose to go down the CWNA route is because I heard so many good things about it from the ‘WLAN professionals’ and the ‘Clear to Send’ podcasts. Also, the CCNA book is nearly 4 years old now. The CWNA 5th edition is about 6 months old (as of this post), so it covers a lot of technology that’s in use right now and what’s to come. What I also like about the CWNA is that it’s vendor agnostic, it covers the fundamentals very well. It also has an awesome community around it! I highly recommend both these books. A big thank you to David Hucaby, David Walcott and David Coleman for producing this fine content. (What is it with Wireless technology authors and the name David, is it a prerequisite?)

Onto my YouTube rabbit hole adventures. The following is a list of videos that I genuinely found enlightening:

Electromagnetic Waves – with Sir Lawrence Bragg

Bob Richardson lectures on the propagation of electromagnetic radiation (1981)

Antenna Fundamentals made by the Film Board of Canada for the Royal Canadian Air Force

Electromagnetic waves. EM spectrum, energy, momentum. Electric field and magnetic field. Doppler shift. Polarization. By Professor Matt Anderson.

HAM Radio Basics- HAM 101

With hindsight I wish I had discovered Jerome Henry’s CCNA Wireless video course and the flash cards from neckercube.com earlier. The reason is that Jerome’s content is sublime; it also covers topics such as Cisco ISE and Prime. It’s very difficult getting information on these unless you work within the industry.

Even though I’ve got access to the Cisco OCG through Safari books online it unfortunately doesn’t give you access to the practice exams. I purchased the deluxe edition for this reason. I also ended up using the epub format of the book instead of Safari’s online web application. It’s a lot easier to work with and way faster to navigate. The practice tests that come with the deluxe edition are worth the price of the ebook in my opinion. They definitely helped.

Typically I find it difficult judging how ready I am to sit any exam. I tend to go over the blueprints to get a feel of how well I know the material.  I find practice tests and flash cards really help to expose knowledge gaps. The little DIKTA questions that are typical of books are easy to memorise if you go through them enough, so it’s easy to convince yourself that you know the material, instead you just remembered the order of the answers! At least the online practice exams shuffle the answers.

Do you need physical equipment? For the CCNA Wireless, I would say no, but it definitely helps. For the CWNA it’s something I’m looking to invest in. Just out of curiosity I want to see for myself how much a leaky microwave affects the 2.4 GHz spectrum (my microwave is old), I want to see how certain materials attenuate the signal, do those marketing claims actually hold up and so on.

Next it’s the infamous CCNA Security exam. Once I’ve accomplished that I will then return to the Wireless realm to sit the CWNA exam. That should keep me busy for the next 2-3 months.

6 month overview as a ‘Network Engineer’

Six months after obtaining the CCNA in Routing and Switching I managed to land a position as a ‘Network Engineer’. I’ve now been in this role for 6 months. So what exactly is it that I do? A typical day varies. Of the 6 months I’ve probably been out of the office for 2 of them. So far I’ve configured and installed a variety of new equipment (switches, routers, access points, firewalls, wireless LAN controllers), troubleshooting issues with existing networks, actioning requests, performing site surveys, auditing, cable management, helping with design and sales. If there are any lull periods they’re normally devoted to updating / cleaning up documentation, checking network monitoring systems or learning about something new that’s on the horizon (like SD-WAN).

A lot of the work that I do comes to me via email and our ticketing system. A client request could be anything from poking holes in Firewalls, setting up SPAN, configuring VLANs, troubleshooting bottlenecks, setting up VPNs and so on.

The biggest challenges for me have been Firewalls, VoIP and Wireless. Of the businesses we support all 3 of them are significant components of their networks. VoIP is the most alien to me and I don’t really have an interest in it at all, so that’s where I struggle the most. It looks like VoIP is set to become the standard method for voice communications now as BT is phasing out PSTN in favour of FVA.

One thing that I would like to point out that I haven’t been involved in working with much is Routing. I haven’t touched anything Routing related yet, other than verifying routes. I haven’t implemented any Routing designs or made changes. My knowledge in this area has definitely atrophied, time to lab it up!

Below is a brief overview of the things I’ve been exposed to, and how it’s coincidentally changed my goals. Begrudgingly I’ve temporarily postponed my freeCodeCamp progress to put all my energy into getting up to speed. I still feel like I’m barely scratching the surface, impostor syndrome is my shadow and treading water has become the norm. That being said, I’m enjoying it. It’s challenging and varied work.

Off the top of my head here are the things that I’ve encountered so far.

Cisco ASAs (in particular working with ASDM)
Cisco FirePOWER
Cisco Umbrella
Cisco Meraki
Cisco AnyConnect (lots of VPN)
Cisco Prime
Cisco ISE
Cisco DNA

Occasionally bumping into the following hardware :

Mitel (particularly phones)
HP ProCurve

Documentation tools :

Microsoft Visio
Lucid Charts
Excel + Word

Network monitoring :


Wireless :

AirMagnet Survey
Cisco Prime

Configuration management :

Useful tools :

Air Console (ever consoled into a device from the comfort of your car?)
MetaGeek inSSIDer (a great tool for diagnosing Wireless problems)
Cagenut Insertion and Removal Tool (no longer pinging cage nuts into the ether!)

I’ve been involved in installing and configuring a large variety of hardware, primarily Cisco that includes the following :

Routers / Firewalls
ASA 5500-X series
ISR 800 & 4000 series
RV300 series

Cisco 9300
Cisco 250 series
Cisco 350x series
Cisco 2900 series
Meraki MS series

Wireless LAN controllers

Wireless Access Points
Cisco 500 series
Aironet 3800 series
Aironet 1800 series
Aironet 3700 series
Meraki MR series
DrayTek VigorAP 900 series

What next

I had planned on working towards the CCNP in Routing and Switching but out of sheer necessity for my current role I’ve decided to pursue the CCNA Wireless, CWNA and CCNA Security. A lot of work I’ve been doing recently has been configuring Wireless devices, dealing with bad Wireless design/implementation and having to perform Wireless site surveys, along with working with Firewalls, VPNs and site to site IPSec tunnels. The certifications I’ve listed cover all those areas. Unfortunately the CCNA Security isn’t quite enough for managing ASAs though, looks like I’ll need to venture down the CCNP track for more in-depth information.

Configuring Cisco 5500 and 3500 Wireless LAN controllers

To conclude

I was concerned that my CCNA in Routing and Switching may have been too theoretical but in reality a lot of what I’ve learned has been directly applicable to the role that I’m in. With hindsight it was a great investment and I’m grateful for the position I’m in, I’m also excited to continue learning and developing.

This is the first time I’ve had the chance to pontificate on my accomplishments. Landing this job was huge for me. It stoked my desire to continue learning and moving forward in this field. It’s inspired me to set goals that I’m currently working towards. For those out there working towards a similar goal and are unsure if it’s worth pursuing this without a guarantee of a job, I want to emphasise this point. People move on, whether they get bored or are offered a position elsewhere, some even retire. There’s always going to be positions available. It may take some time, it took me 6-7 months of searching and applying before I was offered a position, don’t give up!