
Friday, November 1, 2013

Cisco: Reflecting the Change of Router-ID

It's rare to change the OSPF router ID, but it is nice to know how to make a changed router ID take effect.

OSPF's router ID is chosen based on the following criteria:

  1. Manually configured Router ID
  2. The highest IPv4 address on a loopback interface
  3. The highest IPv4 address on an active (up/up) interface

The router ID is elected when the OSPF process starts. Once elected, manual intervention in the OSPF process is necessary for a change of the router ID to take effect. A textbook says you need to issue "# clear ip ospf process" after changing the router ID, but in some cases the command is not sufficient.

When explicitly configured with "(config-router)# router-id ROUTER_ID", "# clear ip ospf process" will work for you.

When implicitly configured via a loopback interface or an active interface, you need to "# reload" the router to make the change effective.
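The selection order and the clear-vs-reload rule above, modelled in Python as an added example that is not from the original post (the Interface class and the interface names are assumptions for illustration):

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass
class Interface:
    name: str             # e.g. "Loopback0", "FastEthernet0/0" (assumed naming)
    ipv4: Optional[str]   # primary IPv4 address, None if the interface has none
    up: bool              # True when the interface is up/up


def _highest(addrs: List[str]) -> Optional[str]:
    # Compare numerically: as strings "9.9.9.9" would sort above "192.0.2.1".
    return max(addrs, key=lambda a: int(IPv4Address(a)), default=None)


def elect_router_id(interfaces: List[Interface],
                    manual_router_id: Optional[str] = None) -> Optional[str]:
    """Router ID the OSPF process picks when it starts, in the order above."""
    if manual_router_id:                                   # 1. router-id X.X.X.X
        return manual_router_id
    active = [i for i in interfaces if i.up and i.ipv4]    # a shut interface has no usable address
    loopbacks = [i.ipv4 for i in active if i.name.lower().startswith("loopback")]
    if loopbacks:                                          # 2. highest loopback address
        return _highest(loopbacks)
    return _highest([i.ipv4 for i in active])              # 3. highest active interface address


def action_for_change(running_id: str, interfaces: List[Interface],
                      manual_router_id: Optional[str] = None) -> str:
    """Operator action needed so that a changed router ID takes effect.

    The running process keeps `running_id` until it is restarted. Per the
    post: an explicit router-id takes effect after 'clear ip ospf process';
    an implicit one (loopback or interface address) needs a reload.
    """
    if elect_router_id(interfaces, manual_router_id) == running_id:
        return "none"
    return "clear ip ospf process" if manual_router_id else "reload"


if __name__ == "__main__":
    ifs = [Interface("FastEthernet0/0", "203.0.113.9", True),
           Interface("Loopback0", "192.0.2.1", True),
           Interface("Loopback1", "9.9.9.9", True)]
    print(elect_router_id(ifs))                             # 192.0.2.1, not 9.9.9.9
    print(action_for_change("192.0.2.1", ifs, "1.1.1.1"))   # clear ip ospf process
```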

Tuesday, October 22, 2013

TTL for BGP packets

By default, an eBGP message has an IP TTL of 1. When the neighbors do not share a common network, or an eBGP router uses its loopback interface as the update source, the TTL value needs to be adjusted:
(config-router)# neighbor IP_ADDR ebgp-multihop TTL_VALUE
In contrast, an iBGP message has a TTL of 255, so no extra configuration is needed when using a loopback interface as the update source.
eBGP OPEN Message

iBGP OPEN Message

Thursday, October 17, 2013

Cisco IOS key bindings

Cisco IOS implements key bindings like those of a UNIX shell. The following are the ones I use often. Once you get used to them, C-a or C-b will become a headache when connecting to a Cisco device through GNU screen or another window multiplexer (e.g. tmux, byobu) ;)

GENERAL
TAB key
Completes a partially typed CLI command
?
Displays help
C-p, Up arrow / C-n, Down arrow
Recalls the previous (C-p, Up arrow) or next (C-n, Down arrow) command from the history
C-^
Breaks the command currently being processed
C-r
Redisplays the current command line
C-z
Takes you back to privileged EXEC Mode

Deleting an Input
C-u
Deletes all characters before the cursor
C-w
Deletes the word before the cursor
C-h
Deletes the character before the cursor

Moving the Cursor Quickly
C-a
Places the cursor at the beginning of a line
C-e
Places the cursor at the end of a line
C-f
Moves the cursor forward one character
C-b
Moves the cursor backward one character
Esc-f, Esc f, C-[ f
Moves the cursor forward one word
Esc-b, Esc b, C-[ b
Moves the cursor backward one word

Saturday, August 17, 2013

Failure to inject a default route into EIGRP with "ip default-network"

The "ip default-network" command does not seem to inject a default route. The behavior looks different from what is written in Wendell Odom's CCNP book.
  • "ip default-network" creates a default route on the router from which the command is issued. However, other routers learn only a candidate default route (they have no default route set).
  • The "ip default-network" command needs to be issued from a router that is not directly connected to the target default network.
  • A router connected to the default-network side (R3 in the following experiment) does not learn the candidate default route from the command.
Note: 192.0.0.1/24 on R2 is not used in the experiment.
Misc: To make the result of `no ip default-network` take effect, the target interface needs to be shut down.

Used IOS: 15.0(1)M ADVENTERPRISEK9-M

CASE 1
*Topology*
R1 fa0/0 <---> R2 fa0/0

*Interfaces*
R1
fa0/0 10.0.0.1/8
lo0 128.0.0.1/16

R2
fa0/0 10.0.0.2/8
lo0 192.0.0.1/24

*Commands*
R1
eigrp 1
    net 10.0.0.0
    net 128.0.0.0
ip default-network 128.0.0.0

R2
eigrp 1
    net 10.0.0.0
    net 192.0.0.0

*Result*
"ip default-network" has no effect because it is issued on R1, where the 128.0.0.0 network is directly connected.

R1# sh ip route
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.1/32 is directly connected, FastEthernet0/0
 *    128.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C*       128.0.0.0/16 is directly connected, Loopback0
L        128.0.0.1/32 is directly connected, Loopback0
D     192.0.0.0/24 [90/156160] via 10.0.0.2, 00:16:24, FastEthernet0/0


R2# sh ip route
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.2/32 is directly connected, FastEthernet0/0
D*    128.0.0.0/16 [90/156160] via 10.0.0.1, 00:10:06, FastEthernet0/0
      192.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.0.0.0/24 is directly connected, Loopback0
L        192.0.0.1/32 is directly connected, Loopback0


CASE 2
*Topology*
R1 fa0/0 <---> R2 fa0/0

*Interfaces*
R1
fa0/0 10.0.0.1/8
lo0 128.0.0.1/16

R2
fa0/0 10.0.0.2/8
lo0 192.0.0.1/24

*Commands*
R1
eigrp 1
    net 10.0.0.0
    net 128.0.0.0

R2
eigrp 1
    net 10.0.0.0
    net 192.0.0.0
ip default-network 128.0.0.0

*Result*
R2 uses "128.0.0.0" as a default route.

R1
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.1/32 is directly connected, FastEthernet0/0
      128.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        128.0.0.0/16 is directly connected, Loopback0
L        128.0.0.1/32 is directly connected, Loopback0
D     192.0.0.0/24 [90/156160] via 10.0.0.2, 00:32:27, FastEthernet0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.1/32 is directly connected, FastEthernet0/1


R2
Gateway of last resort is 10.0.0.1 to network 128.0.0.0

S*    0.0.0.0/0 [90/156160] via 10.0.0.1, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.2/32 is directly connected, FastEthernet0/0
D*    128.0.0.0/16 [90/156160] via 10.0.0.1, 00:00:39, FastEthernet0/0
      192.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.0.0.0/24 is directly connected, Loopback0
L        192.0.0.1/32 is directly connected, Loopback0


CASE 3
*Topology*
R3 fa0/1 <---> fa0/1 R1 fa0/0 <---> fa0/0 R2 fa0/1 <---> fa0/1 R4

*Interfaces*
R1
fa0/0 10.0.0.1/8
fa0/1 192.168.0.1/24
lo0 128.0.0.1/16

R2
fa0/0 10.0.0.2/8
fa0/1 172.0.0.1/16
lo0 192.0.0.1/24

R3
fa0/1 192.168.0.2/24

R4
fa0/1 172.0.0.2/16

*Commands*
R1
eigrp 1
    net 10.0.0.0
    net 128.0.0.0
    net 192.168.0.0

R2
eigrp 1
    net 10.0.0.0
    net 172.0.0.0
    net 192.0.0.0
ip default-network 128.0.0.0

R3
eigrp 1
    net 192.168.0.0

R4
eigrp 1
    net 172.0.0.0

*Result*
R2 uses "128.0.0.0" as the default route.
On R4, 128.0.0.0 is marked as a candidate default, but gateway of last resort is not set.
On R3, 128.0.0.0 is not even marked as a candidate default.


R1
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.1/32 is directly connected, FastEthernet0/0
      128.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        128.0.0.0/16 is directly connected, Loopback0
L        128.0.0.1/32 is directly connected, Loopback0
D     172.0.0.0/16 [90/30720] via 10.0.0.2, 00:09:41, FastEthernet0/0
D     192.0.0.0/24 [90/156160] via 10.0.0.2, 00:50:24, FastEthernet0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.1/32 is directly connected, FastEthernet0/1


R2
Gateway of last resort is 10.0.0.1 to network 128.0.0.0

S*    0.0.0.0/0 [90/156160] via 10.0.0.1, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.2/32 is directly connected, FastEthernet0/0
D*    128.0.0.0/16 [90/156160] via 10.0.0.1, 00:19:04, FastEthernet0/0
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
L        172.0.0.1/32 is directly connected, FastEthernet0/1
      192.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.0.0.0/24 is directly connected, Loopback0
L        192.0.0.1/32 is directly connected, Loopback0
D     192.168.0.0/24 [90/30720] via 10.0.0.1, 00:12:43, FastEthernet0/0


R3
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 192.168.0.1, 00:10:24, FastEthernet0/1
D     128.0.0.0/16 [90/156160] via 192.168.0.1, 00:10:24, FastEthernet0/1
D     172.0.0.0/16 [90/33280] via 192.168.0.1, 00:06:37, FastEthernet0/1
D     192.0.0.0/24 [90/158720] via 192.168.0.1, 00:10:24, FastEthernet0/1
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.2/32 is directly connected, FastEthernet0/1


R4
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 172.0.0.1, 00:07:31, FastEthernet0/1
D*    128.0.0.0/16 [90/158720] via 172.0.0.1, 00:07:31, FastEthernet0/1
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
L        172.0.0.2/32 is directly connected, FastEthernet0/1
D     192.0.0.0/24 [90/156160] via 172.0.0.1, 00:07:31, FastEthernet0/1
D     192.168.0.0/24 [90/33280] via 172.0.0.1, 00:07:31, FastEthernet0/1


CASE 4
*Topology*
R3 fa0/1 <---> fa0/1 R1 fa0/0 <---> fa0/0 R2 fa0/1 <---> fa0/1 R4

*Interfaces*
R1
fa0/0 10.0.0.1/8
fa0/1 192.168.0.1/24
lo0 128.0.0.1/16

R2
fa0/0 10.0.0.2/8
fa0/1 172.0.0.1/16
lo0 192.0.0.1/24

R3
fa0/1 192.168.0.2/24

R4
fa0/1 172.0.0.2/16

*Commands*
R1
eigrp 1
    net 10.0.0.0
    net 128.0.0.0
    net 192.168.0.0

R2
eigrp 1
    net 0.0.0.0
    net 10.0.0.0
    net 172.0.0.0
    net 192.0.0.0
ip default-network 128.0.0.0

R3
eigrp 1
    net 192.168.0.0

R4
eigrp 1
    net 172.0.0.0

*Result*
"net 0.0.0.0" has no effect.

R1
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.1/32 is directly connected, FastEthernet0/0
      128.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        128.0.0.0/16 is directly connected, Loopback0
L        128.0.0.1/32 is directly connected, Loopback0
D     172.0.0.0/16 [90/30720] via 10.0.0.2, 00:09:41, FastEthernet0/0
D     192.0.0.0/24 [90/156160] via 10.0.0.2, 00:50:24, FastEthernet0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.1/32 is directly connected, FastEthernet0/1


R2
Gateway of last resort is 10.0.0.1 to network 128.0.0.0

S*    0.0.0.0/0 [90/156160] via 10.0.0.1, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.2/32 is directly connected, FastEthernet0/0
D*    128.0.0.0/16 [90/156160] via 10.0.0.1, 00:19:04, FastEthernet0/0
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
L        172.0.0.1/32 is directly connected, FastEthernet0/1
      192.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.0.0.0/24 is directly connected, Loopback0
L        192.0.0.1/32 is directly connected, Loopback0
D     192.168.0.0/24 [90/30720] via 10.0.0.1, 00:12:43, FastEthernet0/0


R3
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 192.168.0.1, 00:10:24, FastEthernet0/1
D     128.0.0.0/16 [90/156160] via 192.168.0.1, 00:10:24, FastEthernet0/1
D     172.0.0.0/16 [90/33280] via 192.168.0.1, 00:06:37, FastEthernet0/1
D     192.0.0.0/24 [90/158720] via 192.168.0.1, 00:10:24, FastEthernet0/1
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.2/32 is directly connected, FastEthernet0/1


R4
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 172.0.0.1, 00:07:31, FastEthernet0/1
D*    128.0.0.0/16 [90/158720] via 172.0.0.1, 00:07:31, FastEthernet0/1
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
L        172.0.0.2/32 is directly connected, FastEthernet0/1
D     192.0.0.0/24 [90/156160] via 172.0.0.1, 00:07:31, FastEthernet0/1
D     192.168.0.0/24 [90/33280] via 172.0.0.1, 00:07:31, FastEthernet0/1


CASE 5
*Topology*
R3 fa0/1 <---> fa0/1 R1 fa0/0 <---> fa0/0 R2 fa0/1 <---> fa0/1 R4

*Interfaces*
R1
fa0/0 10.0.0.1/8
fa0/1 192.168.0.1/24
lo0 128.0.0.1/16

R2
fa0/0 10.0.0.2/8
fa0/1 172.0.0.1/16
lo0 192.0.0.1/24

R3
fa0/1 192.168.0.2/24

R4
fa0/1 172.0.0.2/16

*Commands*
R1
eigrp 1
    net 10.0.0.0
    net 128.0.0.0
    net 192.168.0.0

R2
eigrp 1
    net 10.0.0.0
    net 172.0.0.0
    net 192.0.0.0
redistribute static
ip default-network 128.0.0.0


R3
eigrp 1
    net 192.168.0.0

R4
eigrp 1
    net 172.0.0.0


*Result*
"redistribute static" has no effect.

R1
Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.1/32 is directly connected, FastEthernet0/0
      128.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        128.0.0.0/16 is directly connected, Loopback0
L        128.0.0.1/32 is directly connected, Loopback0
D     172.0.0.0/16 [90/30720] via 10.0.0.2, 00:09:41, FastEthernet0/0
D     192.0.0.0/24 [90/156160] via 10.0.0.2, 00:50:24, FastEthernet0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.1/32 is directly connected, FastEthernet0/1


R2
Gateway of last resort is 10.0.0.1 to network 128.0.0.0

S*    0.0.0.0/0 [90/156160] via 10.0.0.1, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.2/32 is directly connected, FastEthernet0/0
D*    128.0.0.0/16 [90/156160] via 10.0.0.1, 00:19:04, FastEthernet0/0
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
L        172.0.0.1/32 is directly connected, FastEthernet0/1
      192.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.0.0.0/24 is directly connected, Loopback0
L        192.0.0.1/32 is directly connected, Loopback0
D     192.168.0.0/24 [90/30720] via 10.0.0.1, 00:12:43, FastEthernet0/0


R3
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 192.168.0.1, 00:10:24, FastEthernet0/1
D     128.0.0.0/16 [90/156160] via 192.168.0.1, 00:10:24, FastEthernet0/1
D     172.0.0.0/16 [90/33280] via 192.168.0.1, 00:06:37, FastEthernet0/1
D     192.0.0.0/24 [90/158720] via 192.168.0.1, 00:10:24, FastEthernet0/1
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.2/32 is directly connected, FastEthernet0/1


R4
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 172.0.0.1, 00:07:31, FastEthernet0/1
D*    128.0.0.0/16 [90/158720] via 172.0.0.1, 00:07:31, FastEthernet0/1
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
L        172.0.0.2/32 is directly connected, FastEthernet0/1
D     192.0.0.0/24 [90/156160] via 172.0.0.1, 00:07:31, FastEthernet0/1
D     192.168.0.0/24 [90/33280] via 172.0.0.1, 00:07:31, FastEthernet0/1
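Added example (not from the original post): a small parser for the `show ip route` text above that separates a candidate default (the `*` flag on a route) from an actually installed gateway of last resort, which is the distinction the five cases turn on. The two embedded tables are the case 3 outputs of R2 and R4 from above, abridged.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Case 3 outputs of R2 and R4 as shown above (copied from the post, abridged).
R2_CASE3 = """\
Gateway of last resort is 10.0.0.1 to network 128.0.0.0

S*    0.0.0.0/0 [90/156160] via 10.0.0.1, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/8 is directly connected, FastEthernet0/0
L        10.0.0.2/32 is directly connected, FastEthernet0/0
D*    128.0.0.0/16 [90/156160] via 10.0.0.1, 00:19:04, FastEthernet0/0
D     192.168.0.0/24 [90/30720] via 10.0.0.1, 00:12:43, FastEthernet0/0
"""
R4_CASE3 = """\
Gateway of last resort is not set

D     10.0.0.0/8 [90/30720] via 172.0.0.1, 00:07:31, FastEthernet0/1
D*    128.0.0.0/16 [90/158720] via 172.0.0.1, 00:07:31, FastEthernet0/1
      172.0.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.0.0.0/16 is directly connected, FastEthernet0/1
D     192.0.0.0/24 [90/156160] via 172.0.0.1, 00:07:31, FastEthernet0/1
"""

# Route line: code letters (optionally "D EX"-style suffix), optional '*' for
# candidate default, the prefix, then the rest of the line.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]{1,2}(?: [A-Z0-9]{2})?)?(?P<cand>\*)?\s+"
    r"(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+(?P<rest>.*)$")
GLR_RE = re.compile(r"^Gateway of last resort is (?P<gw>\S+) to network (?P<net>\S+)")
VIA_RE = re.compile(r"\bvia (?P<nh>\d+(?:\.\d+){3})")


@dataclass
class Route:
    code: str                # C, L, D, S ...
    candidate_default: bool  # the '*' flag
    prefix: str
    next_hop: Optional[str]


@dataclass
class RouteTable:
    gateway_of_last_resort: Optional[str] = None
    routes: List[Route] = field(default_factory=list)


def parse_show_ip_route(text: str) -> RouteTable:
    table = RouteTable()
    for line in text.splitlines():
        g = GLR_RE.match(line.strip())
        if g:                                   # "is not set" deliberately leaves None
            table.gateway_of_last_resort = g.group("gw")
            continue
        m = ROUTE_RE.match(line.rstrip())
        if not m or not m.group("code"):        # blank, header, or "is variably subnetted"
            continue
        v = VIA_RE.search(m.group("rest"))
        table.routes.append(Route(m.group("code"), m.group("cand") == "*",
                                  m.group("prefix"), v.group("nh") if v else None))
    return table


def candidate_defaults(table: RouteTable) -> List[str]:
    """Prefixes flagged '*': candidates only, not necessarily an installed default."""
    return [r.prefix for r in table.routes if r.candidate_default]


def has_default_route(table: RouteTable) -> bool:
    """Only an installed gateway of last resort gives the router a default."""
    return table.gateway_of_last_resort is not None
```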



Monday, July 8, 2013

EtherChannel "on" mode can cause a bridging loop.

I thought EtherChannel's "on" mode was a good thing, leaving no opportunity for unexpected malfunction, but that is not true.

A misconfigured EtherChannel can form a bridging loop, and the STP EtherChannel Misconfig Guard cannot stop every bridging-loop scenario. It is recommended to use PAgP or LACP negotiation ("desirable non-silent" or "active") for inter-switch connections, which keeps misconfigured ports from becoming active.

Reference:
How does a loop form in a misconfigured Etherchannel?

Understanding EtherChannel Inconsistency Detection

Sunday, May 19, 2013

How to upgrade IOS version/feature set on Cisco 3560

Assumptions
1. The switch to be upgraded is in a factory default configuration.
2. The IP address of the switch is 10.240.0.2/24.
3. The IP address of the tftp/scp server is 10.240.0.3/24.
4. The user name for the scp server is switchadmin.
5. The feature set will be upgraded from ipbase to ipservices.
6. The switch will be upgraded to c3560-ipservicesk9-mz.122-55.SE7.bin.
7. The switch does not require a web console.

Procedure
1. Configure an scp server or tftp server

2. Assign an IP address to the switch
> en
#conf t
(config)#int vlan 1
(config-if)#ip add 10.240.0.2 255.255.255.0
(config-if)#no sh
(config-if)#^z

3. Check whether the device can hold both the current and the new IOS image in flash.
3.1. Check the new image's size
3.2. Check the free space in flash.
#dir flash:

If the switch has enough space, go to step 5.

4. If the flash does not have sufficient free space, delete the current IOS image.
Delete the image file with "delete flash:/filename" or "delete /force /recursive flash:/dir_name"

5. Transfer the new image
! Assume the image is stored in the tftp root directory.
! The "copy " part can be omitted in some IOS versions.
! Don't use scp since it takes more time than you would think.
#copy tftp://10.240.0.3/c3560-ipservicesk9-mz.122-55.SE7.bin flash:

6. Verify the transferred image
! The verify /md5 command was introduced in 12.2(4)T and 12.0(22)S
#verify /md5 flash:/c3560-ipservicesk9-mz.122-55.SE7.bin

7. Change boot image
#conf t

! Just specify the path to the boot image.
(config)#boot system flash:/c3560-ipservicesk9-mz.122-55.SE7.bin
(config)#^z

! Verify boot configuration
#sh boot

! Save changes
#wr me

8. Reboot the switch
#reload
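Steps 3 and 4 as an added Python example (not from the original post): parse the `dir flash:` output and decide whether the new image fits as-is or the current image has to be deleted first. The listing is constructed in the 3560 format with made-up file sizes.

```python
import re

# Constructed `dir flash:` output in the Catalyst 3560 format; the file names
# and sizes are made up for the example (one old .bin image on the flash).
SAMPLE_DIR = """\
Directory of flash:/

    2  -rwx     8662192  Mar 1 1993 00:02:23 +00:00  c3560-ipbasek9-mz.122-55.SE5.bin
    3  -rwx        1917  Mar 1 1993 00:02:41 +00:00  config.text
    4  -rwx           5  Mar 1 1993 00:02:41 +00:00  private-config.text
    5  -rwx        3096  Mar 1 1993 00:02:41 +00:00  multiple-fs

32514048 bytes total (12340000 bytes free)
"""

# "<index> <perms> <size> <date ...> <name>" and the trailing totals line.
FILE_RE = re.compile(r"^\s*\d+\s+\S+\s+(?P<size>\d+)\s+.*?\s+(?P<name>\S+)$")
TOTAL_RE = re.compile(r"(?P<total>\d+) bytes total \((?P<free>\d+) bytes free\)")


def parse_dir_flash(text):
    """Return ({file name: size in bytes}, free bytes) from `dir flash:` output."""
    files, free = {}, None
    for line in text.splitlines():
        m = TOTAL_RE.search(line)
        if m:
            free = int(m.group("free"))
            continue
        m = FILE_RE.match(line)
        if m:
            files[m.group("name")] = int(m.group("size"))
    if free is None:
        raise ValueError("no 'bytes free' line found in dir output")
    return files, free


def plan_copy(dir_text, new_image_size, current_image):
    """Steps 3-4 as a decision: copy now, delete the old image first, or abort."""
    files, free = parse_dir_flash(dir_text)
    if new_image_size <= free:
        return "copy"                                  # step 3: fits, go to step 5
    if new_image_size <= free + files.get(current_image, 0):
        return "delete flash:/" + current_image        # step 4: make room first
    return "abort"                                     # not enough even after deleting


if __name__ == "__main__":
    old = "c3560-ipbasek9-mz.122-55.SE5.bin"
    print(plan_copy(SAMPLE_DIR, 11_000_000, old))      # copy
    print(plan_copy(SAMPLE_DIR, 15_000_000, old))      # delete flash:/... then copy
```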

Note
1. If the boot loader needs an update, it is done automatically the first time the switch boots with the new image (and this causes an extra reboot).

2. An almost equivalent of steps 5 to 7 is
! Assume the image is stored at "flash:/c3560-ipserviceslmk9-tar.122-55.SE7.tar/c3560-ipservicesk9-mz.122-55.SE7.bin"
#archive download-sw /imageonly /leave-old-sw tftp://10.240.0.3/c3560-ipserviceslmk9-tar.122-55.SE7.tar
(If the switch shows a feature-set incompatibility error, add the "/allow-feature-upgrade" option when upgrading or downgrading a feature set.)

Consideration
1. This method is faster than upgrading IOS with the archive command, since unnecessary files are not transferred (the tar archive also contains the files for the web console).

2. Downloading an image is quite a high-load task: CPU usage went up to between 77% and 84% while transferring. It should be done in a maintenance window.

Reference:
Catalyst 3750 Software Upgrade in a Stack Configuration with Use of the Command-Line Interface
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00804799d7.shtml

Upgrading a Cisco 3750 IOS from a .bin image file
http://thias.marmotte.net/2008/11/upgrading-a-cisco-3750-ios-from-a-bin-image-file/

MD5 File Validation
http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_md5_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Saturday, May 18, 2013

How to use the UC-SGT on Mac OS X Mountain Lion 10.8.2 (15-inch rMBP 2012)

It's been ages since the serial port disappeared from laptop PCs. Nevertheless, network devices require a serial connection as an out-of-band connection. I grabbed a USB serial adapter, the UC-SGT, but my laptop (15-inch rMBP 2012, Mountain Lion) needed a trick to recognize it.
  1. Download the driver from Prolific's website
    http://prolificusa.com/pl-2303hx-drivers/
  2. Install the driver following the README
  3. Add an entry for the UC-SGT to the driver
    cd /System/Library/Extensions/ProlificUsbSerial.kext/Contents
    sudo cp -p Info.plist Info.plist.ori
    sudo vim Info.plist

    * Insert the following entry before the entry for <key>067B_2303</key>
             <key>056E_5004</key>
             <dict>
                 <key>CFBundleIdentifier</key>
                 <string>com.prolific.driver.PL2303</string>
                 <key>IOClass</key>
                 <string>com_prolific_driver_PL2303</string>
                 <key>IOProviderClass</key>
                 <string>IOUSBInterface</string>
                 <key>bConfigurationValue</key>
                 <integer>1</integer>
                 <key>bInterfaceNumber</key>
                 <integer>0</integer>
                 <key>idProduct</key>
                 <integer>20484</integer>
                 <key>idVendor</key>
                 <integer>1390</integer>
             </dict>

  4. Rebuild the kext cache
    sudo touch /System/Library/Extensions/
    sudo reboot
Caution: the kext cache needs to be rebuilt; otherwise, you have to issue "kextload /System/Library/Extensions/ProlificUsbSerial.kext" every time you boot the box.

Note: The TU-S9 from TRENDnet works with Prolific's driver without changing the plist.
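Added example (not from the original post): the same edit done with Python's plistlib instead of hand-editing in vim, on a constructed stand-in for the driver's Info.plist. It assumes the 067B_2303 entry lives under the IOKitPersonalities dictionary (the usual layout of an IOKit kext) and that the key names are the vendor and product IDs as VVVV_PPPP hex, which is what the entry above shows (0x056E = 1390, 0x5004 = 20484).

```python
import plistlib

# Constructed stand-in for the driver's Info.plist: just the IOKitPersonalities
# dictionary with the stock PL2303 entry (the real file has many more keys).
STOCK_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.prolific.driver.PL2303",
    "IOKitPersonalities": {
        "067B_2303": {
            "CFBundleIdentifier": "com.prolific.driver.PL2303",
            "IOClass": "com_prolific_driver_PL2303",
            "IOProviderClass": "IOUSBInterface",
            "bConfigurationValue": 1,
            "bInterfaceNumber": 0,
            "idProduct": 0x2303,   # the plist stores these as decimal integers
            "idVendor": 0x067B,
        },
    },
})


def personality_key(vendor_id: int, product_id: int) -> str:
    """Key naming convention seen in the file: VVVV_PPPP in upper-case hex."""
    return f"{vendor_id:04X}_{product_id:04X}"


def add_usb_personality(plist_bytes: bytes, vendor_id: int, product_id: int,
                        template_key: str = "067B_2303") -> bytes:
    """Clone the template personality for another vendor/product ID pair."""
    data = plistlib.loads(plist_bytes)
    personalities = data["IOKitPersonalities"]
    entry = dict(personalities[template_key])   # same class/provider/config values
    entry["idVendor"] = vendor_id
    entry["idProduct"] = product_id
    personalities[personality_key(vendor_id, product_id)] = entry
    return plistlib.dumps(data)


def matching_personality(plist_bytes: bytes, vendor_id: int, product_id: int):
    """Key of the personality that matches a device, or None when the kext
    would ignore it (the situation before the edit)."""
    for key, p in plistlib.loads(plist_bytes)["IOKitPersonalities"].items():
        if p.get("idVendor") == vendor_id and p.get("idProduct") == product_id:
            return key
    return None


if __name__ == "__main__":
    patched = add_usb_personality(STOCK_PLIST, 0x056E, 0x5004)   # UC-SGT
    print(matching_personality(STOCK_PLIST, 1390, 20484))        # None
    print(matching_personality(patched, 1390, 20484))            # 056E_5004
```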

Friday, May 17, 2013

How to transfer files from/to Cisco devices

There are several options for transferring files to a Cisco device. tftp is the traditional way. scp is also supported by IOS from 12.3(2)T and 12.2(14)S (the feature set needs to support encryption). If no in-band connection is available, xmodem becomes an option.

scp
Pro: Transferred files are encrypted
Con: Not supported by all platforms; an in-band connection is necessary

tftp
Pro: Supported by all platforms
Con: Files are transferred in plain text; the tftp protocol has no authentication; an in-band connection is necessary

xmodem
Pro: Supported by all platforms, No need for in-band connection
Con: Slow transmission

Whenever transferring a startup configuration, consider using scp instead of tftp, since quite a few passwords sit in the config in plain text or in an obscured form. Type 7 encryption is just an obfuscation that is reversed within a second, and even type 5 hashes can be cracked given massive computing power, since the salt is in the same file.
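Added example (not from the original post): a small audit that lists which credential forms sit in a config before it is copied off the box, run over a constructed config fragment. It covers only the common password/secret and SNMP community lines and does not decode anything.

```python
import re

# Constructed startup-config fragment showing the credential forms one finds
# in a Cisco IOS config (all values are made up for the example).
SAMPLE_CONFIG = """\
hostname edge-rtr
service password-encryption
enable secret 5 $1$abcd$EXAMPLEonlyNOTarealHASHxx/
enable password 7 094F471A1A0A
username admin privilege 15 password 0 NotAGoodIdea
username ops secret 5 $1$wxyz$EXAMPLEonlyNOTarealHASHyy/
line vty 0 4
 password cisco
 login
snmp-server community public RO
"""

# "... password|secret [type] value"; a missing type number means type 0.
CRED_RE = re.compile(
    r"^\s*(?P<ctx>.*?)\b(?P<kw>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<val>\S+)")
COMMUNITY_RE = re.compile(r"^\s*snmp-server community\s+(?P<val>\S+)")

# What each storage form protects against if the file is read in transit.
KINDS = {
    "0": ("type 0 plaintext", "high", "use 'secret' instead of 'password'"),
    "7": ("type 7 obfuscated", "high", "reversible in seconds; use 'secret'"),
    "5": ("type 5 salted MD5", "medium", "brute-forceable offline; salt is in the file"),
}


def classify(line):
    """(kind, severity, advice) for a line carrying a credential, else None."""
    if COMMUNITY_RE.match(line):
        return ("snmp community plaintext", "high", "treat like a password")
    m = CRED_RE.match(line)
    if not m:
        return None
    t = m.group("type") or "0"
    return KINDS.get(t, (f"type {t}", "info", "check the IOS docs for this type"))


def audit(config_text):
    """List (line number, kind, severity) for every credential in the config."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        c = classify(line)
        if c:
            findings.append((n, c[0], c[1]))
    return findings


def needs_scp(config_text):
    """True whenever the config carries any credential material at all."""
    return bool(audit(config_text))


if __name__ == "__main__":
    for n, kind, sev in audit(SAMPLE_CONFIG):
        print(f"line {n}: {kind} [{sev}]")
```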


Reference:
Cisco IOS Configuration Fundamentals Command Reference
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_c1.html#wp1064741

Cisco Password Cracker (for type 7 encryption)
https://www.google.com/search?q=cisco+type+7+crack&ie=utf-8&oe=utf-8&aq=t

Decrypting Cisco type 5 password hashes
http://retrorabble.wordpress.com/2011/02/09/decrypting-cisco-type-5-password-hashes/

Saturday, April 14, 2012

Arp cache aging time

Cisco routers
    4 hours
Cisco switches
    5 min
Windows Server 2003 and before
    2 min (10 min if the address is reused)
Windows Vista and after
    Between 15 sec and 45 sec (random)
Linux box
    Various aging time

Switches can learn destination MAC addresses from client stations' ARP requests (because switches have a longer aging time than client hosts). Those time differences keep them from flooding.

References for Windows boxes
View the Address Resolution Protocol (ARP) cache
http://technet.microsoft.com/en-us/library/cc786759%28v=WS.10%29.aspx

Description of Address Resolution Protocol (ARP) caching behavior in Windows Vista TCP/IP implementations
http://support.microsoft.com/kb/949589