Britain’s Best Bombay Mix

Bombay Mix is an snack, originally derived from the Indian subcontinent, made of (usually) gram flour noodles, lentils, and peanuts. It comes from a family of snacks that differ in their ingredients but the key thing is that bombay mix never has currants in it (unlike the unpleasant KCB Chin Chin Mix).

I like it, a lot, but there are many different makes these days, under a variety of names, so how do you know which are good?

That is what I hope to tell you… so onto the Bombay Mix, in order of eating – reviewed by myself and occasionally also my middle son.

At some point I should list these in preference order I suppose but that would spoil your fun reading through the list.

Name: Spicy Balti Mix
Maker: Cofresh, Leicester (www.cofresh.com)
Purchased From: Tesco, Loudwater
Look: Larger noodles, contains red-skin peanuts, obviously green peas and chick peas.

Opinion: Really quite spicy. Good crunch.

Name: Mild Bombay Mix
Maker: Cofresh, Leicester (www.cofresh.com)
Purchased From: Tesco, Loudwater
Look: Larger noodles, contains red-skin peanuts, obviously green peas and chick peas.

Opinion: Somewhat bland and lacking in heat. Good crunch and not unpleasant if you really don’t want to surprise or harm your guests!

Name: Bombay Mix
Maker: Imperial, Wolverhampton
Purchased From: Asda, High Wycombe
Look: Traditional sized noodles, with split lentils and red-skin peanuts.

Opinion: Mild flavour with clear cinnamon taste and smell. Refreshing change from normal style but can be a bit overpowering after 4/5 mouthfuls.

Name: London Mix
Maker: Imperial, Wolverhampton
Purchased From: Asda, High Wycombe
Look: Traditional sized noodles,  with  split lentils, red-skin peanuts and chick peas.

Opinion: Pleasant enough but not very spicy. Tend to end up with a dry mouth quite quickly.

Name: Delhi Mix
Maker: Imperial, Wolverhampton
Purchased From: Asda, High Wycombe
Look: Traditional sized noodles, with split lentils, red-skin peanuts, chick peas, and green peas (that are coloured red)

Opinion: The extra green peas (that are red…) make this really quite hard work on the jaw and makes it even more mouth drying than the London Mix. Again like London Mix it is not very spicy.

Name: Bombay Mix
Maker: KCB, Bradford (www.kashmircrownbakeries.com)
Purchased From: Exotic Foods, High Wycombe
Look: Traditional sized noodles, with two kinds of split lentils and red-skin peanuts.

Opinion: The King of Bombay Mix. The right amount of crunch and the right amount of spice.

Name: Bombay Mix
Maker: Krunchi, Walthamstow
Purchased From: Exotic Foods, High Wycombe
Look: Mixed size noodles,  split lentils and red-skin peanuts, all with a definite reddish tinge

Opinion: The large noodles tend to dry the mouth out and dull the taste, but the peanuts are very good and overall there is about the right level of heat.

Name: Karachi Crunch
Maker: Imperial, Wolverhampton
Purchased From: Asda, High Wycombe
Look: Traditional sized noodles,  split lentils and peanuts, with sunflower seeds and puffed rice.

Opinion: The dry roasted peanuts and sunflower seeds nicely dominate the taste of this pleasantly spiced snack. You don’t really notice the puffed rice and the lentils are barely present in the taste. A nice change from the usual mix.

Name: London Mix
Maker: Cofresh, Leicester (www.cofresh.com)
Purchased From: Asda, High Wycombe
Look: Traditional sized noodles,  two kinds of split lentils and red-skin peanuts

Opinion: Almost as good as KCB Bombay Mix though slightly less peanuts and a shade less spice mean it can’t quite muster as many points.

Name: Luxury Bombay Mix
Maker: Imperial, Wolverhampton
Purchased From:
Look: Traditional and larger sized noodles,  split lentils, red-skin peanuts, cashew nuts, and chickpeas.

Opinion: Disappointingly floury version of Imperial London Mix with added cashew nuts. Far too much noodle floor.

Name: ASDA Snacking Bombay Mix
Maker: ASDA
Purchased From: ASDA
Look: Traditional and larger sized noodles,  split lentils, red-skin peanuts, and chickpeas.

Opinion: Looks better than it tastes. Lacking in heat and surprising dull taste. Not at all cheaper than buying the ‘asian’ packaged foods from the ‘World Foods’ section of the supermarket. This was in the crisps and snacks aisle so perhaps it is quantity that is meant to be the attraction.

Name: Kerala Taste Spicy Mixture Hot
Maker:
Purchased From:Best Foods, Surbiton
Look: Traditional sized noodles,  oddly shaped gram flour spindles, curry leaves,  ground nuts , large potato fritters.

Opinion: Definitely hot, this was a flavoursome Sri Lankan take on Bombay Mix. (Maybe there was something political in not calling it Bombay Mix?)

Name: Go Snacks! Bombay Mix
Maker: Cofresh Snack Foods Ltd, Leicester (www.cofresh.co.uk)
Purchased From: Tesco
Look: Traditional sized noodles,  split green and yellow lentils, red-skin peanuts.

Opinion: Although it looked a bit bland, this was actually quite tasty with a reasonable afterburn in the mouth. It was a bit short on peanuts as far as I was concerned.

Name: Cofresh Bombay Mix
Maker: Cofresh Snack Foods Ltd, Leicester
Purchased From:
Look: Traditional and larger sized noodles,  split lentils, red-skin peanuts, and chickpeas.

Opinion: A reasonable combination but the larger noodles were a little drying. In this instance my son got to them before I did…

Name: Haldiram’s Bombay Mix
Maker: Haldiram Manufacturing Co PVT Ltd, New Dehli (www.haldiram.com)
Purchased From: ASDA
Look: Traditional sized noodles with peanuts, peas, and an abundance of yellow split lentils.

Opinion: Slightly hot on the back of the throat with a distinctive and not altogether pleasant aftertaste, on the barbecued side, perhaps because of overheated asafoetida/mango powder?

Name: Chewra Mix (Delicious Bombay Mix Variety)
Maker: Cofresh Snack Foods Ltd, Leicester
Purchased From: ASDA, High Wycombe
Look:Traditional and larger sized noodles with peanuts, peas, plain and coloured chickpeas, split lentils, puffed rice.

Opinion:A colourful and quite tasty mix, though tending towards drying the mouth, again because of those larger noodles.

Name: Saki Savoury Snacks Bombay Mix
Maker: Saki Snacks Ltd, Perivale, London
Purchased From:
Look:Traditional and larger sized noodles with lots of peanuts, peas, plain and coloured chickpeas, split lentils.
Bag Size: 140g
Price: £1.00 (July 2010)

Opinion:Reasonable taste, though very mild. Nice peanuts. Perhaps tending towards staleness.

Name: Kashmir Mix
Maker: Cofresh Snack Foods Ltd, Leicester
Purchased From: ASDA, High Wycombe
Look:Larger sized noodles with peanuts, green split peas, chickpeas, and lentils.
Bag Size: 500g
Price: £? (September 2010)

Opinion: Dull/bland, with a hint of heat at the edges.

Name: Classic Bombay Mix
Maker: Regal Fine Foods, Bradford (www.rfplc.com)
Purchased From: Medina Stores, Newcastle
Look: Traditional sized noodles with the odd large one for good measure, redskin peanuts, lentils
Bag Size: 450g
Price: £1.29 (September 2010)

Opinion: An excellent taste and look. They have kept it simple and that has paid off.

Pictures to follow:

Name: Bombay Mix
Maker: UK Snack Ltd trading as A.Nageena, Leyton, London (www.nageena.net)
Purchased From: Newsagent, High Wycombe
Look: Traditional noodles with a few of the larger size, peanuts and cashew nuts, lentils and split peas, golden sultanas, coconut
Bag Size: 120g
Price: £0.59 – (2 for £1) (July 2010)

Opinion: Everything looked normal as I poured it out onto the plate, and taste-wise it was fairly run off the mill with peaks of mild heat. The flavour was naggingly odd at times and then I realised it had sultanas…

Name: Bombay Mix
Maker: NBTY Europe Ltd, Burton on Trent
Purchased From: Julian Graves, High Wycombe
Look:Traditional sized noodles, well coloured, peanuts, lentils, chick peas, raisins – though I could find no trace of them in the bag, thankfully.
Bag Size: 400g
Price: £0.99 (October 2010)

Opinion: Moderate heat and moderate taste. Attractive colour. A middle of the road snack and a good introduction to Bombay Mix.

Name: Bombay Mix
Maker: Marks & Spencer
Purchased From: Marks & Spencer, High Wycombe
Look: Larger and traditional noodles, peanuts, cashews, pistachio nuts, toasted coconut flakes
Bag Size: 300g
Price: £2.05 (October 2010)

Opinion: An upmarket presentation of Bombay Mix but rather dull in the heat department, and over complicated in my opinion. The coconut and pistachio nut combination adds a sweetness that is rather like having sultanas. Good if you want to make a good impression to the upper classes but won’t win you any favours with an asian audience.

Name: Khatta Meetha
Maker: Haldiram Manufacturing Co PVT Ltd, New Dehli (www.haldiram.com)
Purchased From: Medina Stores, Newcastle
Look: Very pale on the plate, traditional and thin noodles, puffed rice, green peas and peanuts.
Bag Size: 200g
Price: £1.39 (September 2010)

Opinion: The pack proudly says ‘zero cholesterol’ but it is instead sickly sweet with 7% sugar content. Far too sweet for mass consumption, and not enough peanuts.

Name: Hot Bombay Mix
Maker: KCB, Bradford (www.kashmircrownbakeries.com)
Purchased From: Medina Foods, Newcastle
Look: Darker traditional sized noodles, peanuts, mixed lentils.
Bag Size: 450g
Price: £1.29 (November 2010)

Opinion: Oh Lordy. A beautifully spicy, tasty mixture evocative of my 1970’s upbringing. Hot on the back of the throat without being acrid. Just what I expected from KCB.

Name: Kashmiri Mixture
Maker: Haldiram Manufacturing Co PVT Ltd, New Dehli (www.haldiram.com)
Purchased From: Medina Stores, Newcastle
Look: Darkish, traditional and micro noodles, cashew nuts, puffed rice, musk melon seeds
Bag Size: 200g
Price: £1.69 (September 2010)

Opinion: Another Zero Cholesterol bag with a (rather ineffective) ziplock which is good for keeping the contents fresh. Definite zing of heat and strong taste of cumin and mace. Unusual texture is interesting and this does make a nice change from traditional Bombay Mix. Recommended as something worth trying.

Name: Traditional Savoury Mix – Bombay Mix
Maker: Ginni Enterprises, Middlesex
Purchased From: High Wycombe Grammar School
Look: Traditional sized noodles, sometimes aggregated. Peanuts, lentils.
Bag Size: 140g
Price: £0.60 (October 2010)

Opinion: Nothing special in terms of presentation or taste.

Name: Bombay Mix
Maker: Yaadgaar,
Purchased From: Medina Foods, Newcastle
Look: Small noodles, plenty of lentils, peanuts.
Bag Size: 380g (well actually tub size).
Price: £0.99 (November 2010)

Opinion: Quite ordinary in texture and taste albeit with a distinct lemon aftertaste, though there is no mention of lemon as an ingredient or flavouring. Might be unpleasant eating in larger quantities.

Name: Indian Style Bombay Mix
Maker: Tesco
Purchased From: Tesco, Loudwater
Look: Contains sultanas… but otherwise a standard mix with larger size noodles.
Bag Size: 200g
Price: £1.10 (October 2010)

Opinion: Slightly drying, though the sultanas do actually add to the flavour by giving a sweetness. Nothing special.

Name: Sunrize Snacks Bombay De Luxe
Maker: Wilton Wholefoods, Salisbury
Purchased From: Village Store, Bradfield (Berkshire)
Look: Larger noodles, marrowfat peas, chick peas, peanuts, lentils.
Bag Size: 125g
Price: £1.75 (January 2011)

Opinion: Reasonably tasty, and the larger noodles don’t dry out your mouth. Expensive but edible.

Name: Rajbhog Punjabi Mix
Maker: Rajbhog Foods Ltd, Wembley (www.rajbhogfoods.co.uk)
Purchased From: Medina Foods, Newcastle
Look: Small noodles, peanuts, lentils, green peas, potato chipsticks.
Bag Size: 300g
Price: £0.99 (October 2011)

Opinion: It says “Too Tasty To Put Down” but it isn’t. It is actually quite dull. The chipsticks are interesting but don’t make up for the lack of peanuts.

Name: Regal Bombay Mix
Maker: Regal Food Products Group Plc, Bradford
Purchased From: Medina Foods, Newcastle
Look: Larger noodles, peanuts, lentils, chick peas, green peas.
Bag Size: 450g
Price: £1.09 (October 2011)/£0.99 (April 2012)

Opinion: Classic ingredients and a classic taste. Very good combination and got a definite thumbs up from my children. Last bag had slighty reddish tinge hinting at a dangerous level of chilli powder but that was not borne out in the taste. Whilst not as good as the Classic Bombay Mix from the same company, still very appealing.

Name: Go Snacks! Bombay Mix
Maker: Cofresh Snack Foods Ltd, Leicester (www.cofresh.co.uk)
Purchased From: Asda
Look: Traditional sized noodles, split green and yellow lentils, red-skin peanuts.
Bag Size: 400g
Price: £0.87 (January 2011)

Opinion: A new pack design, now with more peanuts but a blander flavour, which is a shame. Seems to be quite lacking in any chilli spice punch which perhaps explains it’s relatively cheap (albeit special offer) price.

Name: Best-in Spicy Bombay Mix
Maker: Bestway (Holdings) Ltd, London
Purchased From: ‘an asian food store’, High Wycombe
Look: Larger noodles, peanuts, lentils, split peas, raisins, cashew nuts
Bag Size: 450g
Price: £1.15 (February 2011)

Opinion: Oh dear, raisins

Awaiting Pictures:

Name: East End Bombay Mix
Maker: East End Foods plc
Purchased From: Medina Foods, Newcastle
Look: Larger noodles, chick peas, peanuts, lentils.
Bag Size: 400g
Price: £0.99 (October 2011)
Opinion: Nothing special, pleasant enough but tending to blandness. Excellent price makes this a good way to start children on the path to loving Bombay Mix.

Test results coming soon, when I have finished eating the other bags:

Name: Smart Price Bombay Mix
Maker: ASDA
Purchased From: ASDA, High Wycombe
Look: Larger noodles, split peas, chick peas, peanuts, cashew nuts, lentils.
Bag Size: 200g
Price: £0.59 (reduced from £0.69, November 2010)
Opinion: Looks cheap…

OSX 10.14 Mac audio inbound to headset fails after 3 minutes 58 seconds (almost 4 minutes)

I had this issue that had been plaguing me for months – the loss of outbound audio from my Microsoft Lifechat LX3000 headset under Mojave (10.14.6) after a random period of time – or rather the breakup of the voice to other participants. It was joined after a time by the loss of the inbound audio to my ears via the headset after (exhaustive testing) of about 4 minutes – actually 238 seconds consistently. It did not happen if I played to the analogue or optical 3.5mm out ports on my Mac (a Mac Pro ‘trashcan’). It didn’t matter whether I used audio utilities like SoundSource or not.

I could see in the System Console that the coreaudiod daemon was crashing or rather missing samples at the same time as the headset out started failing. I could find no fix until I went to Big Sur 11.6.2 though that brought problems with windowserverd crashing and then SIGABRTing causing a machine restart! A move to 12.1 Monterey (or 12.3) hasn’t fixed that issue.

So this isn’t a massively helpful blog post – except for the 3 minutes and 58 seconds bit…

A possible fix appears to be to set the Format to 48,000 Hz in the Audio Midi Setup utility, rather than 44,100 Hz

Cisco 887 router LAN or Cisco switch port shown as down, down?

Yet another ‘unusual’ Cisco IOS Ethernet port issue – you’d almost think I bring this on myself by having a complicated home network!

I was configuring a Cisco 887VA-M on my home network and had finished so I plugged the FastEthernet0 port into my underdesk Cisco 2960X so it was part of the LAN.

On the connected console to the 887 I noticed
*Nov  9 14:38:23.303: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 14:38:56.947: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 14:39:29.127: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 14:40:01.179: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 14:40:33.307: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 14:41:05.595: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 14:41:37.479: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

eh?

Down messages but no up message. Lets look at the interfaces on the box:

887VAM_RR:#sh ip int br
*Nov  9 14:42:09.687: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
Any interface listed with OK? value “NO” does not have a valid configuration

Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES manual down                  down
Dialer1                    unassigned      YES manual up                    up
Ethernet0                  unassigned      YES unset  administratively down down
FastEthernet0              unassigned      YES unset  down                  down
FastEthernet1              unassigned      YES unset  down                  down
FastEthernet2              unassigned      YES unset  down                  down
FastEthernet3              unassigned      YES unset  down                  down
NVI0                       unassigned      NO  unset  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
Vlan1                      192.168.70.253  YES manual down                  down

Change the cable. No difference.

Try another port on the 887. No difference.

Try another port on the 2960X. No difference.

Nothing special listed when I look at the FastEthernet interface on the router:

887VAM_RR:#sh int faste0
FastEthernet0 is down, line protocol is down

or the VLAN interface:

887VAM_RR:#sh int vlan1
Vlan1 is down, line protocol is down

Is the router damaged? – No

Is there an issue with the FastEthernet controller? – No

Dodgy VLAN.DAT file in the flash? – No

Is the FastEthernet0 interface not part of VLAN1:

887VAM_RR:#sh vlan-switch

VLAN Name                             Status    Ports
—- ——————————– ———
1    default                                 active    Fa0, Fa1, Fa2, Fa3

No issue there then.

Reload, that will work. No difference.

Speed, Duplex – I am clutching at straws now. Nothing seems amiss and nothing works regardless of what values I set.

Nothing found in Google that is relevant (hence why I am writing this article to help you, the reader, out if it happens to you)

Reload again.

Hey what’s this?

*Nov  9 15:25:03.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
*Nov  9 15:25:03.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down
*Nov  9 15:25:03.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down
*Nov  9 15:25:03.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down
*Nov  9 15:25:05.915: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0 (not half duplex), with Switch GigabitEthernet1/0/4 (half duplex).
*Nov  9 15:25:07.143: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 15:25:42.375: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

So my router can see across the Ethernet link to the other side. What is going on!

887VAM_RR:>sh cdp ne
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
                  D – Remote, C – CVTA, M – Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Fas 0              139            R S I  WS-C2960X Gig 1/0/4

so I can see the other side. Yet still with the messages:

*Nov  9 15:25:07.143: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Nov  9 15:25:42.375: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

Where is the other side gone now?!

887VAM_RR:#sh cdp nei
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
                  D – Remote, C – CVTA, M – Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

Right let’s plug in a laptop to the Ethernet port instead:

*Nov  9 16:06:42.543: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Nov  9 16:06:43.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Nov  9 16:07:11.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

Boom!

So it must be the other end causing the issue. Then I notice that the other end never had a link light. I never noticed because the 2960X is under the desk.

Then it dawns on me. I set the ports on the 2960X to bpduguard to make sure that if I plug in a switch it doesn’t cause a spanning tree loop. That is why the port doesn’t come up on the Ethernet 877 router because the LAN ports are actually 4 switch ports. Doh!

Checking the log on the 2960X shows:

000723: Nov  9 15:53:07.620: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/6, putting Gi1/0/6 in err-disable state
000724: Nov  9 15:53:37.616: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/0/6
000725: Nov  9 15:53:39.629: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/6 with BPDU Guard enabled. Disabling port.
000726: Nov  9 15:53:39.629: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/6, putting Gi1/0/6 in err-disable state
000727: Nov  9 15:54:09.618: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/0/6
000728: Nov  9 15:54:11.646: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/6 with BPDU Guard enabled. Disabling port.

so that explains why the port on the router goes down every 30 seconds or so, I had autorecovery set on the 2960X, so it would bring the port back up, see the BPDU from the router LAN switch ports and disable the Ethernet port facing the router again.

interface GigabitEthernet1/0/6
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

easily fixed with

Switch(config-if)#no spanning-tree bpduguard

3,2,1, fix the duplex issue, and we are back in action and I can get on and configure the ATM/Dialer1 interface.

so next time you see

%LINK-3-UPDOWN: Interface FastEthernet0, changed state to down

maybe it will be the other end that needs to be sorted.

 

 

 

 

 

 

 

 

Cisco switch interface Up but Line Protocol Down?

It is pretty unusual to find an Ethernet interface on a Cisco device which looks like it is working at Layer 1, so you get a Green link light on the Cisco device, but where it is not working at Layer 2 – so you can see no incoming Ethernet packets.

Of course I had just such an instance yesterday when VOIP phones were not picking up an IP address from the DHCP server running on a Cisco switch. Other devices clearly where, including same make/model VOIP phones in other parts of the network.

What was common was that all the phones with problems were connected eventually back to port G1/0/12 on the Cisco switch which had the DHCP server. This had a link light…

I looked at the interface:

Switch#sh int g1/0/12
GigabitEthernet1/0/12 is up, line protocol is down (monitoring)
  Hardware is Gigabit Ethernet, address is 5017.ff29.9c0c (bia 5017.ff29.9c0c)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 04:41:16, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected

So this interface has Line Protocol down, why?

I didn’t really focus on the word ‘monitoring’. Maybe it was a duplex or speed issue causing the non-passage of packets – but the negotiated value (Full-duplex, 100Mb/s) was right.

Maybe it was the cable. I decided to do a TDR test, because this was a modern day IOS and I could!

Switch#test cable-diagnostics tdr int g1/0/12
TDR test started on interface Gi1/0/12
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.

Switch#show cable-diagnostics tdr int g1/0/12
TDR test last run on: September 22 15:28:12

Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/12  100M  Pair A     N/A                N/A         Not Completed
                Pair B     N/A                N/A         Not Completed
                Pair C     N/A                N/A         Not Completed
                Pair D     N/A                N/A         Not Completed

Okay, err, so no results. So I wondered whether I had used this switch for something else and forgotten to reset it – sometimes I do this when I need a couple of ports to monitor something. So I did a search in the config:

Switch#sh run | inc moni
monitor session 1 source interface Gi1/0/1
monitor session 1 destination interface Gi1/0/12

Bingo!

So I switched this off:

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#no monitor session 1
Switch(config)#exit

Switch#sh run | inc moni
Switch#

and immediately the line protocol came up.

Sep 22 15:38:33.746: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
Sep 22 15:38:33.750: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/12, line protocol is up (connected)

which was easily confirmed by looking at the interface again:

Switch#sh int g1/0/12
  Hardware is Gigabit Ethernet, address is 5017.ff29.9c0c (bia 5017.ff29.9c0c)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:05, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 3000 bits/sec, 3 packets/sec
  5 minute output rate 4000 bits/sec, 3 packets/sec
     268 packets input, 33790 bytes, 0 no buffer
     Received 44 broadcasts (4 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 4 multicast, 0 pause input
     0 input packets with dribble condition detected
     94229 packets output, 75993256 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     1 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Lesson – always factory reset switches before you use them for some other purpose.

Network Support Trueisms

This is a list of things that are inevitably true, written from the point of someone who has done network support for far too long.

Your (IP/PING) packet may get there but that doesn’t mean it can get back.

Subnet masks still matter.

At a customer site you will either be standing around waiting or rushed off your feet. There is no middle ground.

Requirements change often just before you hit return, and frequently after you have pressed return. Always get confirmation.

Being blase bites backsides. If you don’t prepare, you will be caught out by something that otherwise would have been thought easy.

Documentation and diagrams and descriptions are the lifeblood of support. Don’t set yourself up to bleed later by ignoring it.

Early to rise and late to bed is what you should expect when going onsite.

Xerox 6605DN scanning to a Macintosh running OSX 10.9 (Mavericks) over SMB and FTP

(This probably also applies to 10.8 – Mountain Lion)

I decided I needed to replace an aging Konica Minolta Magicolour 2530DL and decided to also get more deskspace by getting rid of a Canon Pixma MX850 that I really only used for scanning/faxing. After looking round I decided to jump in with both feet with the Xerox WorkCentre 6605DN (it is just the duplex capable version of the 6605N). Probably overkill but I wanted something that did everything and would hopefully be reliable.

It came with OSX support (great for my mixed network) but what you don’t realise is that buried deep in the web site blurb at http://download.support.xerox.com/pub/drivers/Compatibility_Matrix/other/macosx/en/MacOSX10-8_Matrix.pdf is a paragraph that says

“Scan Driver Compatibility with Mac OS X 10.8
Some scan functionality is diminished in Mac OS X 10.8. In particular, scanning via the SMB protocol is no longer supported due to architectural changes in Mac OS X 10.8. Please continue to visit Xerox.com/drivers periodically for updates regarding enhancements to scan drivers that address this change.”

even though the same document says that the WorkCentre 6605 is a Level 1 supported device (“Drivers for Mavericks are available and can be downloaded from Xerox.com.”)!

So the problem isn’t caused by Xerox. But the problem it causes is mine, and presumably yours if you are reading this.

With the Canon, you had a piece of software (the Canon IJ Network Selector) that spoke to the Pixma so you could select to scan directly from the scanner to your Mac or PC.

With Xerox, you use the SMB protocol (amongst others) to do it and Apple altered their SMB protocol support so that even when you follow the (not very well described from a Mac user point of view) instructions in the manual it still won’t work. But you can get round it (and avoid sending it by email) by using the Xerox supported FTP protocol. Except that Apple removed the front end to this in Mountain Lion and Maverick!

You can use an alternative FTP server with a GUI (some suggest ProFTPD) or you can just use Terminal to hand crank the FTP server. Or, as suggested here, you can have a small application that just gives you an alternative GUI front end to the existing OSX FTP service.

If you want to manually control it, then enter the following in the Terminal window:

sudo launchctl load -w /System/Library/LaunchDaemons/ftp.plist

as shown below

This command (done from an administrator account on your machine) places the FTP service into the launchd service database and starts the service.

There are associated commands to stop/start/remove the service which I list below:

sudo launchctl stop com.apple.ftpd
sudo launchctl start com.apple.ftpd
sudo launchctl unload /System/Library/LaunchDaemons/ftp.plist

Why would you want to stop the service? Well it uses a little bit of memory and perhaps more importantly, it is a service that lets someone with your username/password copy files to and from your machine remotely. You might be wary of that. Of course if you don’t want to have to type these commands then perhaps the GUI tool mentioned above might be better for you.

So now we need to create a folder that will be used to receive the scanned images/documents. I found it easiest to create one inside the Pictures folder. You can see it below called XeroxScans (entering a name without spaces just makes life easier when using FTP, trust me!)

So now we need to configure the scanner part of the WorkCentre 6605DN. We can do this using one of the utilities installed with the Xerox OSX software. Inside Applications/Xerox is the Address Book Editor.
(or you can do it using the web front end to the printer but this is prettier)

This lets you edit the destinations the scanner knows about, without having to use the keypad on the scanner to enter all the details. Start the application.

It will read the address book in the scanner

and when it has grabbed all the values

you are shown the main Address Book Editor screen. Double click on ‘Server’ so that we can add a new entry for your machine

and you have the server entry page displayed (this is the second entry on this machine, so your window title will say ‘Server Address – 001’)

Type in the values

Click OK and you can now see your entry in the main Address Book window.

Save this back to the scanner by clicking on the quaint old school floppy disk icon

and the save progressed is notified to you

and eventually completed

Now we can actually do a scan from the Xerox 6605.
Here is the front panel touchscreen display.

Press scan and you get 4 options (just probably not this fuzzy!)

We will select the one labelled ‘Network’ in the top left corner.
It then shows you the ‘Server’ entries from the address book.
Select one (it turns blue), and then we are going to click the ‘OK tick’ in the top right part of the screen.

We now have the options page (where you can change the destination file type or resolution)

Assuming all is okay, press the big green start button next to the keypad on the operators panel of the machine.
‘Processing’ starts. At this stage it tries to open a connection to the FTP server

… and it failed. I did this deliberately so you would see what the error message looked like. It will fail if the address is incorrect, or you selected a non-default port (it is normally 21 – scroll up the the entry we made in the Address Book editor and you can see the default listed) and the FTP server is not running on that port, or if the machine is off or not running an FTP server at all, or the username and/or password is incorrect or the path to save the files is wrong (remember what I said about not using a space in the filename).

If it manages to open a connection then it will start scanning

We can now press ‘Done’ on the touchscreen and our files will be saved to the directory path we had in the server entry in the address book

and here are the files, saved in folders which are the date and time of saving, with the actual files inside (there is a preference to not save in individual folders, the decision is up to you)

Well done, all completed.

Now if only it would scan multiple photos and save them in separate files in one step, like the Canon Pixma does.

As a side note, if you decide to set up the mail option, you need to reboot the printer before it will connect properly to the mail server (or at least that is what I found out, eventually, when using Gmail).

OSX Fusion / VMWare vmdk has one or more internal errors that cannot be fixed

Not the best sight to greet you when you try and start up a VMWare session on Fusion (VMWare’s OSX implementation). I knew that I had caused this by Force Quitting Fusion the night before because I thought it had hung. In fact it was moving disk blocks around because I had deleted a snapshot.

The Library looked okay:

I could see no ‘reclaimable’ shading on the bar so it seemed that the old snapshot had been cleaned up correctly.

But the session would not start. I needed to find the log file to see what was going on.

So the first thing is to find the VMWare files in question. I navigated to the following path (where raza is the username for the machine):

Inside this folder was one file – the container holding the operating system I am using on the machine under Fusion.

You need to right click on the file and Show Package Contents to open the container,

So I looked in the log file and saw:

2014-06-18T19:13:20.515Z| Worker#0| I120: DISK: OPEN scsi0:0 ‘/Users/raza/Documents/Virtual Machines.localized/Windows XP Professional.vmwarevm/Windows XP Professional-000002.vmdk’ persistent R[]
2014-06-18T19:13:20.528Z| Worker#0| I120: Current OS Release is 13.2.0
2014-06-18T19:13:20.573Z| Worker#0| I120: DISKLIB-SPARSECHK: [/Users/raza/Documents/Virtual Machines.localized/Windows XP Professional.vmwarevm/Windows XP Professional-000002.vmdk] GT Error (GG2): GT[728][509] = 72349440 / 14630400
2014-06-18T19:13:20.759Z| Worker#0| I120: DISKLIB-SPARSECHK: [/Users/raza/Documents/Virtual Machines.localized/Windows XP Professional.vmwarevm/Windows XP Professional-000002.vmdk] Grain #565030 @72349568 is orphaned.
2014-06-18T19:13:20.759Z| Worker#0| I120: DISKLIB-SPARSECHK: [/Users/raza/Documents/Virtual Machines.localized/Windows XP Professional.vmwarevm/Windows XP

followed by more “Grain #nnnnnn is orphaned” messages for the the vast majority of the 106MB log file.

It was at this point I realised that I had older snapshots, and I had a backup of the data inside the current container because I use a backup agent when the container is working. What I didn’t have was a backup of the container (or rather of the physical file). I hadn’t done this because of course the file is huge and when you are in Fusion, the file is open so you can’t get a consistent backup anyway.

So I did what any sensible person does at this point. I googled. It looked like it might just be a lock file issue (it wasn’t, and that was the solution because I did have to go to an older snapshot in the end) so I thought I would visually document the answer if it had been a lock file problem – which has the same symptoms.

In the folder, the 02 suffix file was the snapshot that had the issue – 75GB of changes… ouch!

The file extensions are explained very well at http://on-cloud9.com/2012/01/16/virtual_machine_files_explained/ and https://www.vmware.com/support/ws55/doc/ws_learning_files_in_a_vm.html so I don’t intend to repeat it here.

Anyway, you can see the lock folder file with the .lck extension:

and inside this folder is a lock file:

So I deleted the folder.

Now the Library window shows that the snapshots are accessible.

Sure enough, you can see them.

But annoyingly if you try and start the Current State file, it still fails with the same error.

A thread at https://communities.vmware.com/ suggested repairing the vmdk file. For me using Fusion 6.0.3 this meant the following command string:

sudo “/Applications/VMware Fusion.app/Contents/Library/vmware-vdiskmanager” -R /Users/raza/Documents/Virtual\ Machines.localized/Windows\ XP\ Professional.vmwarevm/Windows\ XP\ Professional-000002.vmdk

No joy though, as I got the message:

The virtual disk, ‘/Users/raza/Documents/Virtual Machines.localized/Windows XP Professional.vmwarevm/Windows XP Professional-000002.vmdk’, is corrupted and cannot be repaired.

There was no choice but to go back to the last snapshot and then apply all the changes I had made. Luckily there were not many, and those that could have been tricky – like applications, turned out to be okay because I had retained copies of them on a network volume (I had deleted them from the physical PC that was being migrated to a VM as I completed each transfer). Once that was done I reinstalled the backup software and pulled any local user files from the last backup.

Of course this was a learning exercise and I learnt I should have been

a) using automatic snapshots using the Fusion Autoprotect feature

b) that I should backup the container vmdk file (so I now do that once a week, if the file is not open – an option in Crashplan – to a local NAS)

c) that snapshots are not equal to backups because they are on the same physical host and even if you were to copy them elsewhere, they are a chain of files holding changes from the last snapshot. That means if you lose one, you risk not being able to use later snapshots.

The article https://communities.vmware.com/thread/177906 and https://communities.vmware.com/message/2118363 suggests I might be able to open the corrupt vmdk using VDK or UFS Explorer under a windows 32bit platform… I’ll update this post if I ever try that.

Update: 21st June 2014:

Wow! I tried UFS Explorer (on OSX) against the damaged vmdk file. It had absolutely no problem reading it and let me do a recovery of files without a problem. I didn’t need anything from the container but at least I was able to verify that I had not missed anything in recreating it from an old snapshot + backups.

OSX Mavericks and restoring visibility of the Canon Pixma MX850 network scanner

My Mac Mini uses my ‘old’ Canon Pixma MX850 as a network scanner. I can either say to the Mac that it should scan using the Pixma, or I can tell the scanner from the machine operation panel to scan images and then place them on the Mac Mini (or indeed one of the other networked machines on the LAN). But I inadvertently used the top bar scanner selection utility (Canon IJ Network Scanner Selector)

 

and picked on the ‘Do Not Use’ option.

 

Bad idea because the listed scanner MAC address immediately disappeared. No problem I thought, I’ll just rescan. There isn’t a rescan option. In fact there was no way I could find to get the scanner listed again. In the end, the only way to recover the situation was to reinstall the Canon MX850 Scanner Driver software from the Canon support site.

Now you can one again see the Mac as a target from the Pixma operations panel:

Mulberry Email Client, AVAST, and OSX don’t mix happily

I had an irritating problem with my preferred OSX mail client, the venerable Mulberry, whereby it would not open the INBOX on my tuffmail.com hosted account but it would open the INBOXs for other mail accounts. It was also quite happy to permit access to other mailboxes in the Tuffmail account.

I could get to that INBOX from other IMAP clients running on Android (K9 Mail) and Tuffmail’s own HTTP clients. It could also be accessed via the OSX Mail App (after a very, very long wait for synchronisation…).

Protocol logging showed the IMAP login and facilities of the mail server, then a SEARCH UNSEEN, then nothing.

I thought there was possibly a INBOX size limit at the provider (though it was nowhere near as big as it has been in the past, and other mail clients worked) or that some bad email was causing Mulberry to bomb the account (but protocol logging showed nothing).

Then I realised that I had installed AVAST on my Mac and that has a Mail Shield component that sits in line with the IMAP connection. I realised this when I saw the certificate pop up in Mulberry from AVAST after restarting the mail client.

Avast Mail Shield gets in the way but only when you restart the Mulberry application. If you didn’t close Mulberry and restart it after the AVAST installation, it might be some days/weeks before you notice any issue. This happens regardless of whether you have SSL on or off to your mail account. It happens regardless of whether you set Avast Mail Shield to scan secured connections except that if you set SSL/IMAPS access to your account and you switch off Avast Mail Shield secured scanning, you can get access.

So I had a decision to make:

1) Don’t run AVAST, but that isn’t very palatable. There are lots of infected attachments and although they might not target OSX, that is going to happen.

2) Use SSL to access your mail account and switch off Scan Secured Connections, but then your other SSL secured accounts are not scanned.

3) Use the Ignore Mail Server option to exclude only the failing mail account and then decide whether you want to do SSL or not to that and the other mail servers. Obviously having SSL on means that your mail is encrypted in transit between the mail server and the mail client, so it is a sensible option to have switched on.

By the way, switching to OSX Mail App with AVAST did show up at least 90+ emails sitting in mailboxes with infected attachments, so even though they were Windows specific issues, at least I got something for my pain. It also shows that you shouldn’t just rely on your ISPs to spot every rogue email.

 

Shrewsoft VPN on Windows, Cisco ASA access, and the curious ACL order problem

I was working with a Cisco ASA customer that wished to remain with classic IPSEC IKEv1 access from Windows 8 clients (rather than SSL or Anyconnect client access). Cisco no longer make a VPN client that will load onto Windows 8 (they have no 64 bit support), so I recommended they use the Shrewsoft VPN client.

All seemed to be going well, until the customer reported an issue with some of the v2.2.2 clients whereby they could not access privately addressed hosts over the VPN connection from the Shrewsoft client but using another login account, they could.

We collectively scratched our heads over this until it was realised that if the Split-Tunnel ACL had two or more lines AND the first line gave access to a single host (rather than a subnet), then the entire ACL failed to provide any access. If the Split-Tunnel ACL listed the entries with a subnet first, then the subsequent lines could be single hosts without any issue.

So this would fail because the host entry is listed first:

access-list example_fails extended permit ip host 192.0.0.225 172.16.200.0 255.255.255.0
access-list example_fails extended permit ip 192.9.1.0 255.255.255.0 172.16.200.0 255.255.255.0
access-list example_fails extended permit ip 192.9.215.0 255.255.255.0 172.16.200.0 255.255.255.0

but reorder it and it will work:

access-list example_works extended permit ip 192.9.1.0 255.255.255.0 172.16.200.0 255.255.255.0
access-list example_works extended permit ip 192.9.215.0 255.255.255.0 172.16.200.0 255.255.255.0
access-list example_works extended permit ip host 192.0.0.225 172.16.200.0 255.255.255.0

 

The same ACL in the order that would not work with the Shrewsoft client (example_fails), would work with a 32 bit Cisco IPSEC VPN client, and with a native OSX VPN client. So it was a bug.

Saving OSX Grab as JPEG instead of TIFF

Prior to OSX 10.9.2 I often needed to take screen shots for WordPress or documents, and therefore it is most useful to have them as JPG format.

By default the OSX utility Grab saves files in TIFF format, so you have to open them in Preview and then Export as JPG. Far too much work!

Opening a terminal window and typing

defaults write com.apple.screencapture type jpeg

sets the default save mode to be JPG. (jpeg and jpg are the same thing)

The file type options are:

• defaults write com.apple.screencapture type png
• defaults write com.apple.screencapture type pdf
• defaults write com.apple.screencapture type jpg
• defaults write com.apple.screencapture type jpeg
• defaults write com.apple.screencapture type tif
• defaults write com.apple.screencapture type psd

For the change to be effective you can then do a restart or use the command ‘killall SystemUIServer’ if you wish.

After 10.9.2 something changed to prevent this from working so the majority of my screenshots were done using Skitch, or latter just by using the Evernote Web Clipper extension in Chrome.