Articles tagged with #Cisco




Teach Cisco ASA to speak NTP

Time is precious, even more so when you need accurate logging. Let's configure NTP time synchronization on our ASA 5510. The configs are pretty simple, but a thing or two is worth remembering. Unlike IOS, the ASA cannot be an NTP server. You can use the optional prefer keyword with the ntp server command …



Redundant interfaces in Cisco ASA

In Cisco ASA they call it interface redundancy. The idea is to protect against physical link failure. That is, you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …



Playing with RIP on ASA

Cisco ASA and RIP. RIP has been with ASA for years and in this article I will try to cover all possible scenarios in configuring, misconfiguring, debugging and verifying it. As I come up with new ideas how to break the RIP on ASA I will update this article as …



Visio stencils for Cisco, Juniper, Fortinet, Checkpoint, Avaya Updated for 2020

Updated for 2020. Some links to download Microsoft Visio stencils of the most popular vendors. Juniper Cisco Avaya BlueCoat Fortinet Dell Requires registration Checkpoint happens not to have an official stencil set, only Nokia appliances stuff can be found. So someone volunteered and using icons/press releases/PowerPoint presentations done by …



Cisco IPS sensor – initial setup

I am using Cisco IPS sensor 4235 unless specified otherwise. Initial Configuration. By default, out of the box, the sensor has the following defaults: Management IP: 10.1.9.201/24; Default gateway: 10.1.9.1; Allowed access: from the network 10.1.9.201/24; Telnet access: disabled …



Difference between ebgp-multihop and ttl-security.

Once upon a time, reading some CCIE paper at work, I asked myself a question: “Why would someone bother to invent ttl-security and even write RFC 5082, The Generalized TTL Security Mechanism (GTSM), about it when the multi-hop EBGP feature provides the same end result?” First some background. For some reasons …



Capture packets at IOS Cisco router or finally we have a sniffer

Finally it is here: a built-in sniffer on the Cisco IOS platform! Starting with the IOS 12.4(20) release, Cisco introduces a brand new feature called Embedded Packet Capture (EPC) that allows us to capture raw packets on the Cisco router and then later analyze them offline. It can capture any traffic passing …



Cisco ASA privilege separation for a local user or read only user on ASA

Today I had the need to create a user in ASA that would have read-only permissions and also could issue only 2 commands: show run and show conn. Here is how to do it. We talk here about a user with local authentication (with TACACS it is much easier). Just as …



copy http flash – download from HTTP server to the Cisco router

You may need to download a remote file (usually an IOS image, but anything goes) to the Cisco router via HTTP. The command is simple, but be aware of a few caveats: Router# copy http[:full URI specification] flash[: local path to save the file] The caveats you should know: - router first …



Ping – setting don't fragment bit in Linux/FreeBSD/Solaris/Cisco/Juniper

Linux FreeBSD Solaris CISCO routers (IOS) Juniper routers (JunOS) Ping. Many times while debugging network problems of various kinds you need to send packets of a desired size with the don’t fragment bit set. I list below how to do it for the different equipment/OSes. Let’s start …