Articles tagged with #Cisco




Redundant interfaces in Cisco ASA

In Cisco ASA they called it interface redundancy. The idea is to provide for the physical link failure. That is – you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …



Playing with RIP on ASA

Cisco ASA and RIP RIP has been with ASA for years and in this article I will try to cover all possible scenarios in configuring, misconfiguring. debugging and verifying it. As I come up with new ideas how to break the RIP on ASA I will update this article as …



Visio stencils for Cisco, Juniper, Fortinet, Checkpoint, Avaya Updated for 2020

Updated for 2020. Some links to download Microsoft Visio stencils of the most popular vendors. Juniper Cisco Avaya BlueCoat Fortinet Dell Requires registration Checkpoint happen not to have official stencils set, only Nokia appliances stuff can be found. So someone volunteered and using icons/press releases/PowerPoint presentations done by …



Cisco IPS sensor – initial setup

I am using Cisco IPS sensor 4235 unless specified otherwise Initial Configuration. By default , out of the box the sensor has the following defaults: Management IP: 10.1.9.201/24 Default gateway: 10.1.9.1 Allowed access: from the network 10.1.9.201/24 Telnet access: disabled …



Difference between ebgp-multihop and ttl-security.

Once upon a time reading some CCIE paper at work I asked myself a question : “Why would someone bother to invent ttl-security and even write RFC 5082 The Generalized TTL Security Mechanism (GTSM) about it when multi-hop EBGP feature provides the same end result ?” . First some background. For some reasons …



Capture packets at IOS Cisco router or finally we have a sniffer

Finally it is here – built-in sniffer on the Cisco IOS platform ! Starting IOS 12.4(20) release Cisco introduces brand new feature called Embedded Packet Capture (EPC) that allows us to capture raw packets on the Cisco router and then later analyze it offline. It can capture any traffic passing …



Cisco ASA privilege separation for a local user or read only user on ASA

Today I had the need to create a user in ASA that would have read-only permissions and also could issue only 2 commands: show run and show conn. Here is how to do it. We talk here about user with local authentication (with TACACS it is much easier). Just as …



copy http flash – download from HTTP server to the Cisco router

You may need to download a remote file (usually IOS image, but anything goes) to the Cisco router via HTTP. The command is simple, but be aware of few caveats: Router# copy http[:full URI specification] flash[: local path to save the file] The caveats you should know: - router first …



Ping – setting don't fragment bit in Linux/FreeBSD/Solaris/Cisco/Juniper

Ping. Many times while debugging network problems of various kinds you need to send some packets of desirable size and don’t fragment bit being set. I list below how to do it for the different equipment/OSes. Let’s start with the most popular operating system among network folks …



Tracking the source of DOS attack with Cisco IOS

Problem: Enterprise is under Denial Of Service Attack (DDOS) that brings down key elements of the business or the whole network at all. To track the attacker is the first step in handling the attack and unless the flood is coming from inside (most probably not in a well managed …