Routing

Password Recovery on a Cisco 2500 Series Router

If you have built a home lab (or are running really ancient hardware in production), you may find yourself in need of resetting the password configured on a 2500 series router. Depending on the router platform, the syntax is different. Here's how to do it on a 2500:

1. Reboot the router and send a break sequence while it is booting to enter ROMMON mode. The break can be sent with the Ctrl+Break key combination; if your keyboard has no Break key, use your terminal software's "send break" function instead.

2. (optional) Type o and press Enter to display the current configuration register. Record the existing value; it is most likely 0x2102.

3. To reset the configuration register and have the router bypass the startup-config, type the following:

o/r 0x2142

4. To boot the router, type i and press Enter.
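The post stops at the reboot; the remaining steps, as an added example rather than part of the original post, replace the password and put the register back so the router does not keep ignoring its startup-config. The new secret NEW-SECRET and the interface name are placeholders.

```cisco
! Added example: finishing the recovery after the router boots with register 0x2142.
! Note: the break in step 1 must be sent within about 60 seconds of power-up.
! Placeholders: NEW-SECRET (new enable secret), ethernet 0 (the interface you use).
Router> enable
! Startup-config was bypassed, so load it into the running config before editing it
! (the prompt changes to the configured hostname once it is loaded)
Router# copy startup-config running-config
Router# configure terminal
! On a 2500 the restored interfaces come up administratively down; bring up the ones you need
Router(config)# interface ethernet 0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# enable secret NEW-SECRET
! Restore the register; leaving 0x2142 in place means every reload ignores the saved config
Router(config)# config-register 0x2102
Router(config)# end
Router# copy running-config startup-config
! Check before reloading: the last line of show version should read
!   Configuration register is 0x2142 (will be 0x2102 at next reload)
Router# show version
```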

Administrative Distance

If you find yourself forgetting the default administrative distance values after you’ve completed an exam, this post is for you.

When routers learn of a route from more than one source, they need a way to pick the "best" one. Administrative Distance (AD) is used when such a situation arises: a lower AD is considered more trustworthy than a higher one. The following table is a quick reference for those who are studying for exams and need to memorize the default administrative distances on Cisco gear:


CCIE Sample Questions

Ever wonder if you have what it takes to pass the CCIE R&S Written Exam? Well, if you are looking into taking the exam, you have most likely visited Cisco's site dedicated to the cert. However, it's easy to overlook a freebie Cisco gives to potential CCIE exam takers - Free Practice Questions.

There are only a handful of them to give you an idea for the level of difficulty you may encounter on the written exam, but every little bit helps. Here's the link for all who are interested: CCIE Routing and Switching Sample Questions

Cisco Revises CCNP Certification Track

Cisco recently revised their CCNP track to align it with actual job requirements (such as troubleshooting problems on networks full of Cisco equipment). What do these changes mean for current Cisco Certified Network Professionals? Not much, other than that you still get to take a 642-level exam to renew it. However, for all you non-CCNPers out there, tighten your belts and sharpen your pencils, because you are in for a bit of a change.

CCIE R&S Becomes More "Real World"?

Interesting statement...but one that's direct from Cisco. In October, CCIE R&S undergoes a "real world" revision to make the skills more applicable to day-to-day jobs. Interesting quote from Maurilio Gorito (he was my proctor "back in the day"):

Q: Will it be harder to pass when the new exams go live?

A - MG: Since the focus of CCIE R&S certification has shifted to job readiness, candidates with less job experience may find the exams more difficult. On the other hand, some candidates may find the written exam easier since it is less focused on equipment specs and more on the real-world job tasks of networking experts.

The full scoop can be found here.

IP SLA Sample Configuration for Voice

IP SLA can measure WAN connection quality in near real time, and the results of the measurement can then drive routing decisions (such as choosing an alternate path). This is especially effective for VoIP connections. The following sample configuration creates an IP SLA jitter/packet-loss monitor for use with VoIP deployments:

IP SLA Source

Source(config)#ip sla 100  !Some IOS versions use ip sla monitor
Source(config-ip-sla)#udp-jitter 172.16.1.2 65424 codec g729a  !172.16.1.2 must be configured as an IP SLA responder; the codec option yields MOS/ICPIF scores
Source(config-ip-sla-jitter)#tos 176 !ToS byte 176 (0xB0) = IP Precedence 5 / DSCP 44; use tos 184 (0xB8) to mark DSCP EF (46) like VoIP bearer traffic
Source(config-ip-sla-jitter)#exit
Source(config)#ip sla schedule 100 recurring start-time now
Source(config)#interface s0/1/0
Source(config-if)#ip address 172.16.1.1 255.255.255.0

Template Parameter Access List

My friend Mike Storm has come up with a good "base" ACL for use on Internet facing routers and firewall devices. While he has it listed on his blog, I am referencing it here for my own future reference.

Assuming my public range is the 32-address block 66.238.29.0 - 66.238.29.31 (wildcard mask 0.0.0.31), the ACL looks like this:

! no fragments
access-list 100 deny tcp any 66.238.29.0 0.0.0.31 log fragments
access-list 100 deny udp any 66.238.29.0 0.0.0.31 log fragments
access-list 100 deny icmp any 66.238.29.0 0.0.0.31 log fragments
! no snmp inbound from the Internet
access-list 100 deny udp any any eq snmp
access-list 100 deny udp any any eq snmptrap

Dynamic Failover with IP SLA

I just stumbled across this killer post on Shawn's Blog that describes how to set up IP SLA to allow a static route to failover if pings to a specified internet host should fail. This is really useful if you have two ISPs (and thus, two default routes) where the router cannot detect a link failure. This is really common if you have a cable/DSL modem or some type of wireless connectivity. Here's the basic config, taken directly from Shawn's Blog:

ip sla 1 < The number 1 here is arbitrary, used only to identify this sla.
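A complete tracked-default-route setup of the kind described above, written here as an added example rather than taken from Shawn's blog. The next hops, interface and probe target are placeholders from the RFC 5737 documentation ranges.

```cisco
! Added example: ISP1 default route withdrawn when an ICMP probe fails, ISP2 as floating backup.
! Placeholders: ISP1 next hop 203.0.113.1 on FastEthernet0/0, ISP2 next hop 198.51.100.1,
! probe target 192.0.2.10.
ip sla 1
 icmp-echo 192.0.2.10 source-interface FastEthernet0/0
 threshold 1000        ! a reply slower than 1 s counts as over threshold
 timeout 2000          ! no reply within 2 s counts as a failed probe
 frequency 10          ! probe every 10 s (must not be shorter than the timeout)
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe's reachability; the delays dampen flapping
! (older IOS uses: track 1 rtr 1 reachability)
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! The primary default route is removed from the table while track 1 is down;
! the backup route has AD 10 so it is only used when the primary is gone
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Pin the probe target to ISP1. source-interface only sets the source address, not the
! egress path: without this host route the probe would be routed via ISP2 after failover,
! succeed, and bring the primary route back while ISP1 is still down.
ip route 192.0.2.10 255.255.255.255 203.0.113.1
!
! Verify with: show track 1 / show ip sla statistics 1 / show ip route 0.0.0.0
```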

New CCNA Certifications: The Cat is Out of the Bag!

Finally, on Tuesday afternoon, Cisco announced the new CCNA-level certifications...and they are (drum roll please):
CCNA Security
CCNA Voice
CCNA Wireless

I'm actually creating the CCNA Voice Official Exam Certification Guide for Cisco Press as we speak. I've got to tell you - this certification is awesome. It fills a much-needed gap in the knowledge required before you get into the CCVP program. I can't speak for the Security & Wireless certs, but in the CCNA Voice, you'll be learning:
VoIP & Legacy System Integration
CallManager Express setup
Unity Express setup
Basic QoS, Dial-Peers, and other technical nuances
Having this foundation before someone gets into a CCVP will be awesome. Yesterday afternoon, Cisco Press conducted a "podcast video interview" with me about the cert. I'll post the link as soon as it's available. I was actually interviewed by none other than Jeff Doyle (the TCP/IP routing genius) - I'm honored!

Vyatta...Is there a "free" Cisco alternative?

A student with an accent in one of my classes asked me, "Have you ever used Vyatta?" Through the noise from the Cisco equipment running and the accent, I thought he had asked me if I had ever used Viagra...After some awkward moments, we ended up on the same page.
Vyatta is an open-source routing/firewall/VPN solution. Going to the Vyatta homepage will leave no question who they're going after; right on the front page is a survey, "Which Cisco product will you replace with Vyatta?" I have just downloaded the Vyatta virtual machine and gone through a few of their training videos (which are a pretty good explanation of the product). It seems somewhat Cisco-ish in its context-sensitive help system. Has anyone had any experience with Vyatta? Can you really replace a dedicated Cisco appliance with a virtual machine? Seems unlikely...

Migrating Routing Protocols

These guys at NIL continue to impress me. I originally met one of the NIL staff when I was running a BGP lab at Cisco Networkers a couple years back. We sat and talked about regular expressions with each other while the Networkers folks hacked away at the remote NIL equipment. Ever since then, I've glanced at their website from time to time - they just added a great post on migrating routing protocols:
http://www.nil.com/go/ChangingRoutingProtocol/
While you're there, you can find a wealth of other "best practice/cool tips" articles they have on-hand. This was the first place I learned about the Configure Replace command...which I've found doesn't work as well in practice as it does in theory. But that's another post :).

CCNA Update

Well, it looks as though Cisco has finally done a MAJOR update to their famous CCNA program. This update will indeed make it more difficult to attain a CCNA...and for good reason! Many people are just getting their CCNA certification and stopping (not moving on to the CCNP, CCSP, or whatever). So...Cisco decided, if that's all you're going to do, then we'll make it so you really have an idea of what you're doing!
I've been contracted to write the new CCNA Exam Cram / Exam Prep series and to record the new CBTNuggets CCNA series, so I've been researching what is new for quite some time...Here's the scoop:

Configuring a Cisco Router to Accept VPN Connections

This blog has been a long time coming, as someone asked me quite some time ago to post the simplest way to accomplish this (for a home environment). I hate to admit this, but my home PC (where I get all my email) was hacked since I allowed Microsoft's Remote Desktop Protocol (RDP) and VNC from anywhere on the Internet (very bad idea). That was the end of that - now VPN connections are required to get to my home PC. Well, the simplest way to configure a VPN on a router is to use the Cisco SDM...but Real Cisco Techs™ use the command line :). So here we go:

Guidelines on Firewalls and Firewall Policy

I just finished reading through the National Institute of Standards and Technology's (NIST) Guidelines on Firewalls and Firewall Policy. It's actually very well written, with casual-enough language to hold your attention. I thought I'd sum up some of the key points for blocking traffic in a good firewall design. The following traffic types should always be blocked:

  • Inbound traffic from a non-authenticated source system with a destination address of the firewall itself
  • Inbound traffic with a source address indicating that the packet originated on a network behind the firewall
  • Inbound traffic containing ICMP
  • Inbound or outbound traffic from a system using a source address that falls within the private address ranges shown in RFC 1918
  • Inbound traffic from a non-authenticated source system containing SNMP
  • Inbound traffic containing IP Source Routing information
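One way to express that block list on an Internet-facing IOS router, as an added example that is neither from the NIST guide nor from this blog. The outside interface Serial0/0, the public block 203.0.113.0/27 and the router's own address 203.0.113.1 are placeholders (RFC 5737 documentation range).

```cisco
! Added example: inbound/outbound ACL pair implementing the NIST block list above.
! Placeholders: outside interface Serial0/0, our public block 203.0.113.0/27
! (wildcard 0.0.0.31), the router's own outside address 203.0.113.1.
!
! --- inbound from the Internet ---
! Spoofed packets claiming a source inside our own public block
access-list 110 deny ip 203.0.113.0 0.0.0.31 any log
! RFC 1918 source addresses never belong on the Internet side
access-list 110 deny ip 10.0.0.0 0.255.255.255 any log
access-list 110 deny ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny ip 192.168.0.0 0.0.255.255 any log
! Packets addressed to the router itself (an authenticated peer such as a VPN
! remote end would need an explicit permit placed above this line)
access-list 110 deny ip any host 203.0.113.1 log
! ICMP and SNMP from the outside (many sites permit ICMP packet-too-big ahead
! of this line so that path MTU discovery keeps working)
access-list 110 deny icmp any any log
access-list 110 deny udp any any eq snmp log
access-list 110 deny udp any any eq snmptrap log
! Only the published services survive; everything else is dropped and logged
access-list 110 permit tcp any 203.0.113.0 0.0.0.31 eq 443
access-list 110 deny ip any any log
!
! --- outbound toward the Internet: private source addresses must not leak ---
access-list 111 deny ip 10.0.0.0 0.255.255.255 any log
access-list 111 deny ip 172.16.0.0 0.15.255.255 any log
access-list 111 deny ip 192.168.0.0 0.0.255.255 any log
access-list 111 permit ip 203.0.113.0 0.0.0.31 any
access-list 111 deny ip any any log
!
! Source-routed packets are refused globally rather than per ACL
no ip source-route
!
interface Serial0/0
 ip access-group 110 in
 ip access-group 111 out
! Watch the deny counters and log lines with: show access-lists 110 / show logging
```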

Build a router on Linux

Although this is not directly related to Cisco, I found it quite interesting. For those of you looking to build a cheap (aka FREE) Cisco-like router on Linux, you are in luck. Jump to Google and do a search for Zebra RPM. I use this little widget to simulate other routers on a network. It supports all major routing protocols, even BGP!
Actually, try this site - it might be a little easier than Google to find it:
http://www-128.ibm.com/developerworks/linux/library/l-emu/
