
Quick IOS Upgrade Tip: USB Flash Drive Support


Ever have a project that involves deploying several, even dozens, of routers? Upgrading the IOS on each and every one is usually one of the first steps, and it can be a time-consuming task!

Well, there is hope my friends. Cisco has been including USB ports on many of their devices for several years. Originally when they first started appearing, they didn't always do anything. You could plug something into them and nothing would happen. 

However, that has changed in many of the newer software versions that are being released, in particular for Cisco's ISR series. This has made the process of upgrading code on a non-production router so much easier that it is worth writing about. Here is the list of IOS versions that support USB:


Cisco IOS Shortcut: pipe exclude

If you have ever been working on a large Cisco chassis, undoubtedly you've had to hit the space bar about 100 times when you issue show commands that include all the interfaces. Well, here is a quick time saver for when you are using the show ip interface brief command and you just want to find the interfaces that are not admin down. Here's how it works:


A normal show ip interface brief result looks like this:

CBWFQ : Not supported on subinterfaces

If you are used to being able to apply QoS policies to interfaces, it is somewhat surprising when you go to apply one to a subinterface and are greeted with an error message:

CBWFQ : Not supported on subinterfaces

Never fear, there is a documented workaround. You basically have to trick the router into believing CBWFQ is not being applied directly to the subinterface. Cisco's fancy term for this is a hierarchical policy.

Here's a link with specific examples: Applying QoS Features to Ethernet Subinterfaces

Base Config: ASA IPSec Remote Access VPN Template

Icon from Nuvola icon theme for KDE 3.x.


With the iPad making its debut, I've had a couple of clients wanting an IPSec Remote Access VPN so they can access the corporate network remotely from their iPad. Here's the starting template I use:

CCDA

Cisco has an entry level design certification called the Cisco Certified Design Associate, or CCDA. This is similar to the CCNA in that it is a foundational certification that goes a mile wide and an inch or two deep. If you have passed your CCNA and you are looking for the next challenge, take some time to consider the available options...

  1. Specialize in an area of networking with Cisco's Voice, Security, or Wireless CCNA certifications.
  2. Take your CCNA-level knowledge to the next level and focus on the CCNP.
  3. Focus on the design track, starting with the CCDA.

If you are interested in pursuing the CCDA, there are some great resources to get started. First, check out the Tekcert articles section for writeups on the CCDA or on specific topics that align with the exam topics. Also, check out the Exam Topics (CCO login required).

Cisco Revises CCNP Certification Track

Cisco recently revised their CCNP track to make it align with actual job requirements (such as troubleshooting problems on networks full of Cisco equipment). What do these changes mean for current Cisco Certified Network Professionals? Well, not much, other than you still get to take a 642-level exam to renew it. However, for all you non-CCNPers out there, tighten your belts and sharpen your pencils, because you are in for a bit of a change.

Base Config: ASA WebVPN

This is becoming a common configuration for me. Here's a base template I use:

ip local pool WebVPNPool 192.168.251.10-192.168.251.100 mask 255.255.255.0
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
 dns-server value X.X.X.X
 vpn-tunnel-protocol svc
 group-lock value WebVPNAccessProfile
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value business.local
 address-pools value WebVPNPool
 webvpn
  svc ask none default svc
  hidden-shares none
  file-entry disable
  file-browsing disable
  url-entry disable
tunnel-group WebVPNAccessProfile type remote-access
tunnel-group WebVPNAccessProfile general-attributes
 default-group-policy WebVPNPolicy
tunnel-group WebVPNAccessProfile webvpn-attributes
 group-alias WebVPN enable
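The template above relies on a handful of lines that are easy to lose when it gets copied between boxes: the four client restrictions under the policy's webvpn block (hidden-shares, file-entry, file-browsing, url-entry), an explicit split-tunnel policy with its network list, and the group-lock that pins the policy to its tunnel-group. Here is an added example, written for this page and not the post's own tooling or any Cisco utility, that parses the indentation-nested ASA config into a tree and reports which of those lines a group-policy is missing. The SAMPLE_CONFIG is a constructed copy of the template (X.X.X.X is the post's own placeholder); the function names and the WEAK_CONFIG variant are my own.

```python
"""Audit an ASA WebVPN/AnyConnect template for the client restrictions,
split-tunnel settings and tunnel-group linkage the base template relies on.
Added example; not the blog's code. Run it directly to print findings."""
import re
from typing import List, Optional, Tuple

# Constructed copy of the post's base template, used as sample input.
SAMPLE_CONFIG = """\
ip local pool WebVPNPool 192.168.251.10-192.168.251.100 mask 255.255.255.0
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
 dns-server value X.X.X.X
 vpn-tunnel-protocol svc
 group-lock value WebVPNAccessProfile
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value business.local
 address-pools value WebVPNPool
 webvpn
  svc ask none default svc
  hidden-shares none
  file-entry disable
  file-browsing disable
  url-entry disable
tunnel-group WebVPNAccessProfile type remote-access
tunnel-group WebVPNAccessProfile general-attributes
 default-group-policy WebVPNPolicy
tunnel-group WebVPNAccessProfile webvpn-attributes
 group-alias WebVPN enable
"""

# Constructed "drifted" copy: file browsing re-enabled, split-tunnel list dropped.
WEAK_CONFIG = SAMPLE_CONFIG.replace("  file-browsing disable\n", "").replace(
    " split-tunnel-network-list value Split_Tunnel_List\n", "")

Node = Tuple[str, List]  # (command text, list of child nodes)

REQUIRED_WEBVPN_RESTRICTIONS = (
    "hidden-shares none",
    "file-entry disable",
    "file-browsing disable",
    "url-entry disable",
)


def parse_asa(text: str) -> List[Node]:
    """Turn indentation-nested ASA config into a tree of (command, children)."""
    root: List[Node] = []
    stack: List[Tuple[int, List[Node]]] = [(-1, root)]  # (indent, sibling list)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and comments carry no config
        indent = len(raw) - len(raw.lstrip(" "))
        while indent <= stack[-1][0]:  # climb out of deeper blocks
            stack.pop()
        node: Node = (raw.strip(), [])
        stack[-1][1].append(node)
        stack.append((indent, node[1]))
    return root


def children_of(nodes: List[Node], prefix: str) -> Optional[List[Node]]:
    """Children of the first sibling whose command starts with prefix."""
    for text, kids in nodes:
        if text.startswith(prefix):
            return kids
    return None


def audit_webvpn(config: str) -> List[str]:
    """Return a list of findings; an empty list means the template is intact."""
    tree = parse_asa(config)
    findings: List[str] = []
    policies = {}
    for text, kids in tree:
        m = re.match(r"group-policy (\S+) attributes$", text)
        if m:
            policies[m.group(1)] = ([t for t, _ in kids], kids)
    if not policies:
        findings.append("no 'group-policy <name> attributes' section found")
    for name, (attrs, kids) in policies.items():
        # Client restrictions live one level deeper, under the policy's webvpn block.
        webvpn_lines = [t for t, _ in (children_of(kids, "webvpn") or [])]
        for req in REQUIRED_WEBVPN_RESTRICTIONS:
            if req not in webvpn_lines:
                findings.append(f"{name}: missing '{req}' under webvpn")
        stp = [a for a in attrs if a.startswith("split-tunnel-policy ")]
        if not stp:
            findings.append(f"{name}: no explicit split-tunnel-policy")
        elif stp[0].endswith("tunnelspecified") and not any(
                a.startswith("split-tunnel-network-list value ") for a in attrs):
            findings.append(f"{name}: tunnelspecified without a split-tunnel-network-list")
        if not any(a.startswith("group-lock value ") for a in attrs):
            findings.append(f"{name}: no group-lock; policy is not pinned to its tunnel-group")
    # Every tunnel-group must point at a policy that actually exists.
    for text, kids in tree:
        m = re.match(r"tunnel-group (\S+) general-attributes$", text)
        if m:
            dgp = [t.split()[-1] for t, _ in kids if t.startswith("default-group-policy ")]
            if not dgp:
                findings.append(f"{m.group(1)}: no default-group-policy")
            elif dgp[0] not in policies:
                findings.append(f"{m.group(1)}: default-group-policy '{dgp[0]}' is not defined")
    return findings


if __name__ == "__main__":
    for label, cfg in (("template", SAMPLE_CONFIG), ("drifted copy", WEAK_CONFIG)):
        print(label, "->", audit_webvpn(cfg) or "OK")
```

The parser only uses indentation, which is how `show running-config` presents nesting on the ASA, so the same function works on a saved running-config as well as on this template. On the intact template the audit returns no findings; on the drifted copy it reports the missing `file-browsing disable` line and the `tunnelspecified` policy that has no network list attached.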

The Handy, Dandy Cisco Product Quick Reference Guide

This guide rocks - it's every router, switch, or miscellaneous widget that Cisco makes and the modules each can handle. Very handy when trying to figure out what to buy for a project. You can conveniently download it from here. -Summer 2008 Edition

Book Review: Voice over IP Security


I've always been interested in VoIP security... it seems many networks running VoIP are now considering their security options (years after initial deployment). When I first looked through this book, I was unimpressed. It seems like the book spends A LOT of time talking through the foundations of H.323, MGCP, SIP, encryption, authentication, etc. (just general security topics and voice concepts).

CCIE Wireless?

I just received a "general announcement" in my email about registering for the BETA CCIE Wireless written exam. Wow - yet another CCIE specialty arrives.

If you'd like to see the CCIE Wireless Written Exam blueprint, click here.

My First GNS3 Lab...

Thanks for all the feedback on my GNS3Labs.com idea from the previous post. Here's what I've decided to do: GNS3Labs.com will not (immediately) be a "hosted" GNS3 solution since there are a TON of technical details I still need to work out to make this possible. Instead, it will become a repository of labs for all things Cisco. Here's what I plan on doing:
1. Build the site (probably a Joomla solution...once I figure out Joomla. I'm so pathetic at anything dealing with web development)...but I do know the HTML code to make things bold. :)
2. Create a "lab writing template." I would like all the labs on this site to have a uniform look-and-feel to them. The lab template will be distributed to anyone who wants it.
3. Create a sample lab (more on this at the end of this post).
4.

Cisco Blog Forum

No... it's not here yet. BUT, I've gotten enough requests for a general forum that I've decided to give it a go. I've downloaded and installed a forum engine which has a daunting number of options. Over the next week or two, I'll be configuring the forum options and creating the boards. Are there any specific categories y'all would like to see?
Please keep in mind, this forum will be about community and not just me answering everyone's questions! I'm sure I'll jump in here or there on a particularly exciting topic, but I know this is one of those systems that could suck me in causing me to abandon life as a whole...which I've tried to stop as of late. Please tag any suggestions / comments on to this post - thanks!

Security Tools Galore

I'm working on recording a security video series right now and came across this link: http://www.insecure.org/tools.html. Can we say ROCK ON?!? This is a list of the top 75 security tools you can use to audit your network. This guarantees at least two months of tinkering around with these widgets. My top 5 are:
#1 Ethereal (the ol' standby)
#2 Nessus (be your own auditing company)
#3 NMap (port scanning galore)
#4 Netcat (port redirection & general hacking widget)
#5 Snort (free IDS)
