Ok here is the thing, when you do a trace route to an IP address, regardless if it’s valid or not the device will try to find the IP address. This finding will only stop once it reaches it’s 30 hops.

Normal case in command prompt you could stop this by doing CTRL+C or CTRL+break.

But in Cisco Devices you can only stop this by doing CTRL+SHIFT+6 which is one of the break sequence on Cisco devices.

Small things helps when you are frustrated!

Ravindu Denawaka

The default settings in IE will not allow to comminicate with Netscreen or ScreenOS system over HTTP or HTTPS. It’s becuase IE by default uses TLS 1.0 is and it’s not supported in Netscreen or ScreenOS.

Solution:

Tools>Internet Options>Advanced> Under “Security” > Un tick TLS.

For some reason one of the poe switch Cisco 3750 was not providing enough power to IP phones. When plug an IP phone it will take the power from another IP phone which plugged in to the same switch.

I had two options, either provide IP phones power by an adapter or shutdown the power of few other switch ports which they don’t use the power feature.

How to disable power on a switch port?

Step 1
configure terminal – Enter global configuration mode.

Step 2
interface interface-id – Enter interface configuration mode for the physical interface to be configured.
eg: interface fa 0/1

Step 3
power inline {auto | never} -Configure PoE on the interface:
eg: power inline never

Step 4
end – Return to privileged EXEC mode.

Step 5
show power inline [interface-id | module switch-number] – Display PoE status for a switch or switch stack, for the specified interface, or for a specified stack member.

Step 6
write memory- Save your entries in the configuration file. Else when the switch restarts all the changes will be lost.

This document covers all the steps you need to recover/reset Cisco Switch

http://www-tss.cisco.com/eservice/compass/common/activities/password_cat_2950.htm

Awesome tutorial !

Here is the thing, can you believe there is no straight forward way to configure a read only user in Cisco devices. If you know any way to do it please correct me here.

Scenario: my manager asked me to create a read only user in 90 networking devices (Routers, Switches, Load balancers, Firewalls) for transitioning company. We have two environments and those two environments are configured differently. Again for security reasons I can not tell you more details.

Initial Planning: First thing came to my mind is KiwiCat Tools and run a batch update for all the devices. Before actually building the implementation I thought just try the commands in a DR switch. After spending few hours on the commands I figured out there no way to create a read only user.

By default, there are three command levels on the router:

• privilege level 0 — Includes the disable, enable, exit, help, and logout commands.

• privilege level 1 — Normal level on Telnet; includes all user-level commands at the router> prompt.

• privilege level 15 — Includes all enable-level commands at the router# prompt.

If I use privilege level 0 or 1 it will not allow to do any show commands such as #show run or #show config. And if I use privilege level 15 it’s going to be power user. So my research continues… Link below helped me a lot and saved my research time. Also official CCNA Security book, page 123, AAA configuration helped me to understand how this run levels and AAA works in Cisco devices.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

My solution: There are two things you can do to out come this problem.

a) Create a new user add a custom run level and specify each exec command this user can run [This is not really what I was looking for]. In this way when the user do a show run it will show only the items/sections that he can modify in exec level.

username john privilege 9 password cisco privilege configure level 8 configure terminal privilege configure level 8 interface

login as the user created in my case its “John” and do a show run.

b) Create a new user and a custom run level and allow Show Configuration command for this user. In this way the user can run show configuration command which is very similar to Show Running-Configuration

username john privilege 9 password cisco privilege exec level 7 show config

login as the user created in my case its “John” and do a show config.

For both methods you need to enable AAA on each device. If you dont understand AAA model please read them at Cisco knowledge base.

aaa new-model aaa authentication login default local aaa authorization exec default local

Note: You can not add Show Running-Configuration in this manner. [Don't ask my why]

Note: If you have specify any privilege levels in line vty’s it will overwrite what ever the values you specified in user level. 

Additional Note: in order to prompt for a user name in all Cisco devices you need to specify it. You could do that by either saying login local or creating an authentication string

Ravindu Denawaka [Bachelor of Network Computing, CCNA, MCSE]

Quick note of how to set up JS frameworks using ScriptManager server control.

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning (Paperback)

by Gordon Fyodor Lyon (Author)

The book that we all being waiting for. It seems like it has included all the techniques in port scanning and enumeration. You can buy this in Amazon;

http://www.amazon.com/gp/offer-listing/0979958717/ref=dp_olp_new?ie=UTF8&condition=new

What is a VLAN?

What is a Native VLAN?

Native VLAN must be the same on both trunk ends?

What is a TRUNK?

What is DTP (Dynamic Trunking Protocol)

Basic Configuration of a VLAN 

Show commands associated

What is port security?

The Port Security feature remembers the Ethernet MAC address connected to the switch port and allows only that MAC address to communicate on that port. If any other MAC address tries to communicate through the port, port security will disable the port. Most of the time, network administrators configure the switch to send a SNMP trap to their network monitoring solution that the port’s disabled for security reasons.

How to enable port security

You can also configure port security on a range of ports.

SNMP Trap?

Show port security status of switch ports

 
The output should look something like this.

Clear port security

There are few ways you can clear port securities.

00-11-22-33-44-55 cleared from secure address list list for port 4/1.

Note: When port is in the disable mode (err- disable), in most cases you need to shutdown the interface and bring it up.

Note: if a MAC address is registered on a port and if you still want to assign this MAC address to another port in the same switch, I got in to so much trouble by doing this. In my experience you can not allocate 2 ports the same MAC address. You need to clear the port security and shut down one interface and assign the MAC address to the other port.

Cisco Reference: http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_port_security_on_Cisco_Catalyst_switches_running_CatOS