CCIE EIGRP Filtering (GNS3 lab) In this GNS3 lab we're looking as the various options on how we can filter updates between EIGRP speakers and then how that affects the traffic flow (as EIGRP is a distance vector
CCIE 6to4 Tunnelling (GNS3 Lab) This is a quick lab to look over how 6to4 tunnelling can be implemented using GNS3 1.3 and 3725 (running c3725-adventerprisek9-mz124-15.image). The topology will be as below but the important part
CCIE DMVPN setup with PSK (GNS3 Lab) [toc] Dynamic Multipoint VPNs (DMVPN) offer a low admin overhead and scalable VPN solution. It is also efficient at routing traffic as it can dynamically reconfigure itself from a hub and spoke to
Cisco jun2acl (Juniper to Cisco ACL Script) Recently we've needed to migrate an inherited environment away from Juniper Junos and onto Cisco IOS. As part of this a lot (!) of old an quite nasty firewall filter config needed to be
CCIE EIGRP (Named vs Legacy) Just a quick look over the basic differences with the newer style of EIGRP config. It really is quite a bit nicer (more logcal?) layout in the config with things like authentication moving
BGP BGP RTBH setup using exaBGP [toc]In this post I'll describe a basic setup using Cisco IOS, IOS XR and exaBGP that will function as a BGP remotely triggered blackhole (RTBH) allowing you to null route any source/
Cisco Generate DSCP marked pings Today it was useful to confirm a switch was passing DSCP marked packets as expected and handling 'ef' marked packets. To do this on a cisco switch we can use the extended ping
Cisco SNMP ACL (after community check?!) Not my usual kind of post of "how to do ...blah" but something I'd come across yesterday that was a little interesting/annoying/silly. Best practice dictates you apply an ACL
Cisco Connectivity problems to a NAT'd host via a VPN on Cisco IOS Problem where a client on one side of a VPN tunnel cannot communicate with another host on the other side that has a static nat entry. The host 10.0.0.2 is
Cisco Show "free" (not used for a while) ports on Cisco switch with one command Reasonably common task I come accross is to find free ports on switches (ports that havent been used for sometime). Sometimes its very easy where you can use an NMS or similar to
Android OpenVPN server on Fedora 16 connecting Cyanogenmod (7.1) Android phone [bridged] [toc] Intro I have already posted about openVPN on Ubuntu but the config for Fedora is a little different so here's a updated post. I did the following setup using Cyanogenmod 7.1
CCNP Security Cisco IOS Certificate Server set-up and client enrolment (GNS3 Lab) A quick step by step overview of how to configure the certificate server on a Cisco IOS device. The certificate server functionality was added in version 12.3(4). It is only available
Cisco Cisco (type 7) password decryption and encryption with Perl I've often seen password decryption tools for the Cisco (type 7) passwords and wondered how they worked. To learn more about that and Perl I thought I'd give it a go :) The short
ASA Cisco pipe options and some regex examples Just a quick post about using the pipe (|) command on Cisco devices to help format the output of any command. Add the pipe to any show command then ? can show the available options.
Cisco Display the specific port used in an etherchannel for given src/dst info Etherchannel on Cisco switches uses a hashing algorithm to determine which interface within the bundle to send the data over i.e. The port choice is deterministic and will always be the same
640-553 CCNA Security Role Based CLI access to Cisco IOS using Views Just having a play around with role based access and "views". Not a feature I've used much in production. Below we will configure a view that only allows the use of
Android Setting up OpenVPN for Android phone (NAT & ZBFW on Cisco 1801) I've been looking to get a decent "native" VPN setup on my android phone for a while. There doesn't seem to be native support for IPSEC VPNs terminating on Cisco routers.
Cisco IOS ping with rotating data pattern/payload Came across an interesting problem where depending on the ping payload the loss would vary quite a bit when being sent over a WAN link. Pings using windows machines were seeing higher loss
640-553 CCNA Security Simple Zone Based IOS Firewall (GNS3 Lab) Just a post about the basic config and options of Cisco IOS zone based firewall using the Topology below Grab the initial configs and GNS3 .net file [HERE]. From the initial configs all
640-553 CCNA Security Steps to configure an IPSEC site to site VPN on a Cisco IOS device (GNS3 Lab) Just some short notes on basic IOS vpns using the topology below as an example. All the configuration examples are for the router Lefty. Grab the GNS3 .net file and initial configs [HERE]
ASIC ASIC to port mapping Just a couple of commands to show the ASIC/port mapping on most cisco switches. show interfaces capabilities module Is used on smaller switches e.g. 3750 m00nie-C3750#show platform pm if-numbers interface
aaa Password-less ssh login using pki to Cisco IOS A cool feature in IOS I recently came across was the ability to configure SSH login using PKI. As far as I can see this feture was added in version 15.0 Already
642-691 BGP+MPLS BGP Route Reflectors (GNS3 lab) One problem of having a large number of routers running IBGP with each other in a full mesh is the volume of IBGP connections needed. The formula to see the number of connections
642-691 BGP+MPLS Changing MED value in BGP (GNS3 lab) BGP Multiexit Discriminator (MED orMULTI_EXIT_DISC) is an optional nontransative attribute (Type code Value 4). It is usually used to exchange info about a preffered to external BGP neighbours. MED is passed
annoying Stop your Cisco device interrupting your typing One annoying "feature" of Cisco devices is that they often output info when your typing into the console making you loose your place and unable to see what you are typing
