Cisco




SMTP inspection with policy-map in ASA

This is the first time I was disappointed by cisco.com. I had a simple task at hand – configure SMTP inspection in ASA 8.0(3) – and the cisco.com documentation didn’t help me at all. But first the task: Secure internal mail server by preventing it from sending …



Cisco IPS sensor – initial setup

I am using Cisco IPS sensor 4235 unless specified otherwise. Initial Configuration. By default, out of the box the sensor has the following defaults: Management IP: 10.1.9.201/24; Default gateway: 10.1.9.1; Allowed access: from the network 10.1.9.201/24; Telnet access: disabled …



Difference between ebgp-multihop and ttl-security.

Once upon a time, reading some CCIE paper at work, I asked myself a question: “Why would someone bother to invent ttl-security and even write RFC 5082, The Generalized TTL Security Mechanism (GTSM), about it when the multi-hop EBGP feature provides the same end result?” First some background. For some reasons …



Capture packets at IOS Cisco router or finally we have a sniffer

Finally it is here – a built-in sniffer on the Cisco IOS platform! Starting with the IOS 12.4(20) release, Cisco introduces a brand new feature called Embedded Packet Capture (EPC) that allows us to capture raw packets on the Cisco router and then later analyze them offline. It can capture any traffic passing …



Cisco log: Missing cef table for tableid 65535 during CEF samecable event

Today I've noticed a strange error on my Cisco 1841 router: %FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF samecable event. After searching the net, I've found a Cisco bug that describes this. "FIB-4-FIBCBLK errors with dns view Symptoms Message "%FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF …



Cisco ASA privilege separation for a local user or read only user on ASA

Today I had the need to create a user in ASA that would have read-only permissions and could issue only 2 commands: show run and show conn. Here is how to do it. We talk here about a user with local authentication (with TACACS it is much easier). Just …



copy http flash – download from HTTP server to the Cisco router

You may need to download a remote file (usually an IOS image, but anything goes) to the Cisco router via HTTP. The command is simple, but be aware of a few caveats: Router# copy http[:full URI specification] flash[: local path to save the file] The caveats you should know: - router first …



Tracking the source of DDOS attack with Cisco IOS ip source tracking

Problem: An enterprise is under a Denial of Service attack (DDOS) that brings down key elements of the business or the whole network. Tracking the attacker is the first step in handling the attack, and unless the flood is coming from inside (most probably not in a well managed …



Cisco routers ip accounting to see most bandwidth abusing connections

First of all, Happy New Year everyone! As I promised before (last year :) I'll look at ip accounting in the Cisco world. I'll say it at the start - accounting, being with us since IOS 10.0, is getting pushed aside by the powerful Netflow feature. And while it is nowhere being …



Finding the station/IP using/abusing most of the bandwidth – PIX/ASA

Here is a short how-to I wrote some (well, long) time ago for the newcomers to our department. It was written for the PIX, but applies to ASA as well in most cases; see ASA notes for differences. Usually it starts with a client complaining about slow internet, or users …