IOS

Navigating the IOS command line

I decided to put together a quick blog post on some handy IOS file management commands. I'll likely add to this again in the future to make it more complete, but I wanted to get something started, so here it is.

dir - Get a directory listing of whatever path you are in.

Cisco Security Advisory - IKE Resource Exhaustion Attack

If you have ever set up an IPSEC VPN, then you are most likely aware of IKE. IKE is a protocol that can be used to get the first phase of an IPSEC VPN established, a.k.a. exchange keys. Well, thanks to the work of Roy Hills from NTA Monitor Ltd, Cisco has identified a vulnerability in the IKE implementation on Cisco platforms that could allow a malicious individual to unleash a denial of service on your VPN devices.

What's Vulnerable

Essentially, if your Internet-facing VPN devices or border routers allow anyone on the planet to establish an IKE session with your Cisco VPN devices (Cisco 3000 VPN Concentrator, PIX, ASA, ISR, etc.), then you are vulnerable.

The issue is pretty much present in anything that supports IPSEC VPNs and doesn't explicitly filter traffic to the VPN devices. Cisco is tracking the issue in the following bug IDs:

Cisco 4500 In Service Software Upgrade (ISSU)

Came across a nifty video featuring Jimmy Ray Purser demonstrating the Cisco 4500 Sup 7E and the new single line In Service Software Upgrade (ISSU) feature. 

If you are unfamiliar with ISSU, it basically lets you upgrade a router or switch to new code without taking a significant outage to reboot.  In the 4500 Sup 7E, Jimmy mentions a 10 millisecond outage during the upgrade - much better than several minutes. 

The video is embedded below. If you don't have Flash, the link to it on YouTube is also below.

Administrative Distance

If you find yourself forgetting the default administrative distance values after you’ve completed an exam, this post is for you.

When routers learn of a route from more than one source, they need a way to pick the “best” one. Administrative Distance is used when such a situation arises. Lower administrative distances are considered more reliable than higher ADs. The following table is a quick reference for those who are studying for exams and need to memorize the default administrative distances on Cisco gear:

 

Console Cable for your iPad and iPhone

It's finally here and may just be that last bit of justification you need to buy an iPad 2. Redpark has released a serial console cable that is Apple certified and will work on Apple iOS devices such as the iPhone and iPad. The console cable sells for $69.00 USD and is available via Redpark's online shopping cart site.

Once you get the cable, what good is it to you without a terminal application? Well, if you don't want to jailbreak your device and load a terminal program that way, there is an app called Get Console available in the app store. Their How It Works page is very informative; they even have the following YouTube video to demonstrate how it works:

Cisco IOS H.323 Denial of Service Vulnerabilities

Cisco recently announced a vulnerability in their IOS software related to H.323 that could be exploited to DoS your router with malformed packets. If you have a router running versions of code that are vulnerable (they range from 12.1 all the way to 15.0 code versions) AND you have the H.323 process running, then someone could send malformed packets to the router and cause it to reboot. This could even happen by accident if you have video conferencing software that doesn't adhere to the H.323 standard.

IOS 12.4 EOL, Universal IOS, and Cisco License Manager

As many of you may have heard by now, IOS 15 is the way of the future for IOS-based devices. Cisco made their official End-of-Sale and End-of-Life Announcement for Cisco IOS Software Release 12.4. So, if you weren't planning on upgrading to IOS 15 ever, at least now you can know when you won't be able to call Cisco for help. The specific dates for EOL and EOS are detailed in the link above, but here is a screenshot of the dates to save you a click:


 
Cisco IOS 12.4 EOS, EOL

Cisco IOS Shortcut: pipe exclude

If you have ever worked on a large Cisco chassis, you've undoubtedly had to hit the space bar about 100 times when you issue show commands that include all the interfaces. Well, here is a quick time saver for when you are using the show ip interface brief command and you just want to find interfaces that are not admin down. Here's how it works:

A normal show ip interface brief result looks like this:
